feature request #7018
closedimplement a CdmPermissionVoter and default authorities for SpecimenOrObservationBase
100%
Description
SpecimenOrObservationBase need to be protected by a SpecimenOrObservationBaseVoter which evaluates CRUD permissions given to users or Groups.
Permissions and the derivation hierachy¶
If a per entity authority for a SpecimenOrObservationBase is given to a user the hierarchy of the DerivedUnits becomes important
In case of the Phycobank project a per entity authority is given for the FieldUnit and this permission will intrinsically be propagated to all children in the the derivation tree.
This approach seems to be sufficient for most project workflows. If user is not having the permission to edit the whole derivation tree it can be granted to edit a specific DerivedUnit and will then be able to create and modify all units which are derivatives of the one he is allowed to edit. But this might not be appropriate in all cases:
DerivedUnits and DerivationEvents can form graphs with multiple roots.
fuA -- duA \ duAB -- du2 / fuB -- duB
In order to modify du2
it is either necessary to have the per entity authority for
- (1)
duAB
, as mentioned above, or - (2) for
fuA
ANDfuB
.
This second (2) approach is however not feasible with the current CdmAuthorities
and the CdmPermissionVoter.furtherVotingDescisions((CdmAuthority cdmAuthority, Object object, Collection<ConfigAttribute> attributes, ValidationResult validationResult)
which is only able to operate on one CdmAuthority at the same time. To make it possible to validate permissions as in (2) it would be needed to pass all CdmAuthority
for which the voter is responsible for to the furtherVotingDescisions method. ==> handled in #7020
Related issues
Updated by Andreas Kohlbecker over 6 years ago
- Copied from feature request #7016: implement a CdmPermissionVoter for TypeDesignations added
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #6852: GrantedAuthorities and permission Groups for Phycobank added
Updated by Andreas Kohlbecker over 6 years ago
- Related to feature request #6654: implement a CdmPermissionVoter for Registrations added
Updated by Andreas Kohlbecker over 6 years ago
- Copied to feature request #7020: Allow SpecimenOrObservationBaseVoter to make futher voting decision on base of multiple authorities added
Updated by Andreas Kohlbecker over 6 years ago
- Status changed from New to Resolved
- % Done changed from 30 to 50
Applied in changeset cdmlib|88249c56f555abbd8f9e8b83e2a336dd8a8027b9.
Updated by Andreas Kohlbecker over 6 years ago
- Description updated (diff)
- Status changed from Resolved to Closed
- % Done changed from 50 to 100