Project

General

Profile

Actions

feature request #7018

closed

implement a CdmPermissionVoter and default authorities for SpecimenOrObservationBase

Added by Andreas Kohlbecker over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Highest
Category:
cdmlib
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Severity:
critical

Description

SpecimenOrObservationBase need to be protected by a SpecimenOrObservationBaseVoter which evaluates CRUD permissions given to users or Groups.

Permissions and the derivation hierachy

If a per entity authority for a SpecimenOrObservationBase is given to a user the hierarchy of the DerivedUnits becomes important

In case of the Phycobank project a per entity authority is given for the FieldUnit and this permission will intrinsically be propagated to all children in the the derivation tree.

This approach seems to be sufficient for most project workflows. If user is not having the permission to edit the whole derivation tree it can be granted to edit a specific DerivedUnit and will then be able to create and modify all units which are derivatives of the one he is allowed to edit. But this might not be appropriate in all cases:

DerivedUnits and DerivationEvents can form graphs with multiple roots.

fuA -- duA
          \
           duAB -- du2
          /
fuB -- duB

In order to modify du2 it is either necessary to have the per entity authority for

  • (1) duAB, as mentioned above, or
  • (2) for fuA AND fuB.

This second (2) approach is however not feasible with the current CdmAuthorities and the CdmPermissionVoter.furtherVotingDescisions((CdmAuthority cdmAuthority, Object object, Collection<ConfigAttribute> attributes, ValidationResult validationResult) which is only able to operate on one CdmAuthority at the same time. To make it possible to validate permissions as in (2) it would be needed to pass all CdmAuthority for which the voter is responsible for to the furtherVotingDescisions method. ==> handled in #7020


Related issues

Related to EDIT - feature request #6852: GrantedAuthorities and permission Groups for PhycobankClosedAndreas Kohlbecker

Actions
Related to EDIT - feature request #6654: implement a CdmPermissionVoter for RegistrationsClosedAndreas Kohlbecker

Actions
Copied from EDIT - feature request #7016: implement a CdmPermissionVoter for TypeDesignationsRejectedAndreas Kohlbecker

Actions
Copied to EDIT - feature request #7020: Allow SpecimenOrObservationBaseVoter to make futher voting decision on base of multiple authorities NewAndreas Kohlbecker

Actions
Actions #1

Updated by Andreas Kohlbecker over 5 years ago

Actions #2

Updated by Andreas Kohlbecker over 5 years ago

Actions #3

Updated by Andreas Kohlbecker over 5 years ago

Actions #4

Updated by Andreas Kohlbecker over 5 years ago

  • Description updated (diff)
Actions #5

Updated by Andreas Kohlbecker over 5 years ago

  • Description updated (diff)
Actions #6

Updated by Andreas Kohlbecker over 5 years ago

  • % Done changed from 0 to 30
Actions #7

Updated by Andreas Kohlbecker over 5 years ago

  • Description updated (diff)
Actions #8

Updated by Andreas Kohlbecker over 5 years ago

  • Copied to feature request #7020: Allow SpecimenOrObservationBaseVoter to make futher voting decision on base of multiple authorities added
Actions #9

Updated by Andreas Kohlbecker over 5 years ago

  • Status changed from New to Resolved
  • % Done changed from 30 to 50
Actions #10

Updated by Andreas Kohlbecker over 5 years ago

  • Description updated (diff)
  • Status changed from Resolved to Closed
  • % Done changed from 50 to 100
Actions

Also available in: Atom PDF