report #7089

Rights and Roles Workshop 2017-11

Added by Andreas Kohlbecker about 1 year ago. Updated 5 months ago.

Status:
In Progress
Priority:
New
Category:
cdmlib
Target version:
Start date:
11/23/2017
Due date:
% Done:

0%

Severity:
normal
Tags:

Description

The workshop will be held in from 27.11 - 30.11.2017

Topics:

  • Do the current rights work correctly in TaxEditor & Vaadin?
    • most important: editing of factual data with limited rights on feature (and taxon subtree)
  • Rights for long running tasks like repair mechanisms, cleanups and imports (e.g. pre-check if an import is allowed at all with the given rights)
  • Discuss the Create/Update/Delete issue where a user has rights to create, but not to update a record that he/she created. ==> WorkshopRightsAndRoles2017-11
    • Are there better solutions? How do others solve the problem?
    • Which use-cases do we have?
    • Solutions in existing systems
  • Are string-based rights the best data structure, or should a more structured class be used? (ticket exists) ==> no, the class CdmAuthority needs to become a cdm model class which replaces, extends GrantedAuthorityImpl, see WorkshopRightsAndRoles2017-11#Combing-GrantedAuthorities. TODO: do we need to have relations between cdm entities and Rights?
  • Rights&Roles editor ===> draft for a better UI in WorkshopRightsAndRoles2017-11#Combing-GrantedAuthorities, second photo
    • Current state
    • Requirements
  • Is the original "View" concept maybe a better solution? This concept adds each CdmBase to a number of roles, so the rights are defined as data relationships between the role and the actual data. ==> TODO
    • This may make reading rights easier to implement
    • Critical: each insert (and maybe even update or delete) needs to update the rights relationships.
  • Reading rights ===> WorkshopRightsAndRoles2017-11#Strategy-3-Unpublished-Entities-general-READ-rights
    • Requirements
    • How to implement in editors (sometimes read rights are required to get to a certain place where you have write rights, e.g. for editing factual data you need read rights for the taxon/specimen, and for standard use you even need read rights for the whole classification, as the access is often via the taxon navigator).
  • Do we need a technical label for terms ==> TODO
  • Do we need concatenated rights like "Subtree A and Feature A + tree B and Feature B, but not Tree A and Feature B" ===> WorkshopRightsAndRoles2017-11#Combing-GrantedAuthorities
  • Performance

  • managing tickets

    • Discuss: which tags to use in Redmine for rights&roles issues (see comment)
    • all open tickets with security tag
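
The concatenated-rights topic above ("Subtree A and Feature A + tree B and Feature B, but not Tree A and Feature B"), as an added illustration that is not cdmlib code: it compares independently held subtree and feature authorities with combined grants that bind subtree, feature and operation together. All class, method and value names are hypothetical, subtree membership is reduced to a label comparison, and Java 16+ is assumed for records.

```java
import java.util.List;
import java.util.Set;

// Added illustration; all names here are hypothetical and not cdmlib's CdmAuthority API.
public class CombinedAuthorityDemo {

    /** One combined grant: operations allowed on one feature inside one taxon subtree. */
    record Grant(String subtree, String feature, Set<String> operations) {
        boolean permits(String s, String f, String op) {
            return subtree.equals(s) && feature.equals(f) && operations.contains(op);
        }
    }

    /** Flat model: subtree and feature authorities are checked independently of each other. */
    static boolean flatPermits(Set<String> subtrees, Set<String> features, String s, String f) {
        return subtrees.contains(s) && features.contains(f);
    }

    /** Combined model: a single grant must match subtree, feature and operation together. */
    static boolean combinedPermits(List<Grant> grants, String s, String f, String op) {
        return grants.stream().anyMatch(g -> g.permits(s, f, op)); // no match means deny
    }

    public static void main(String[] args) {
        // Constructed sample data using the labels from the topic list.
        Set<String> flatSubtrees = Set.of("Tree A", "Tree B");
        Set<String> flatFeatures = Set.of("Feature A", "Feature B");
        List<Grant> grants = List.of(
                new Grant("Tree A", "Feature A", Set.of("UPDATE")),
                new Grant("Tree B", "Feature B", Set.of("UPDATE")));

        for (String s : List.of("Tree A", "Tree B")) {
            for (String f : List.of("Feature A", "Feature B")) {
                System.out.printf("%-6s / %-9s flat=%-5b combined=%b%n", s, f,
                        flatPermits(flatSubtrees, flatFeatures, s, f),
                        combinedPermits(grants, s, f, "UPDATE"));
            }
        }
    }
}
```

With independent authorities every subtree/feature pair is permitted, including Tree A with Feature B; the combined grants permit only the two pairs that were actually granted.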

Project specific requirements:

  • World Flora Online
    • Deleting names that have a WFO ID is possible only for the "Super-Admin", or only after a very strong warning.
  • Red List 2020
    • Editing of distributions that belong to a certain area
  • Additivity:
    • Editing of a working set
    • For a given working set edit the character matrix (content), this may include the possibility to add specimen / taxa. It also includes rights on all characters (=features) defined in the working set
  • FaunaEuropeae
    • management roles per taxonomic group (#4159)
  • Euro+Med
    • ???

Use Cases

  • Entering facts for a feature
  • Campanula
  • ...

Results of the workshop in WorkshopRightsAndRoles2017-11

History

#1 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#2 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#3 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#4 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

Yes, at present all of this is subsumed under the tag "security". A more specific tag would actually be better. Perhaps we really should separate these:

  • authentication
  • permission (i.e. everything that concerns rights, roles and authorization)
  • security (this would then stand for all security-relevant topics that do not belong to the other two terms)

Andreas

#5 Updated by Andreas Kohlbecker about 1 year ago

  • Tags set to permission

#6 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#7 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#8 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#9 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#10 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#11 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#12 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#13 Updated by Andreas Müller about 1 year ago

  • Description updated (diff)

#14 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#15 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#16 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#17 Updated by Andreas Kohlbecker about 1 year ago

  • Description updated (diff)

#18 Updated by Andreas Müller 5 months ago

Do we want to keep this ticket open?

#19 Updated by Andreas Kohlbecker 5 months ago

  • Status changed from New to In Progress
  • Assignee changed from Andreas Kohlbecker to Andreas Müller

It is linked from WorkshopRightsAndRoles2017-11, therefore I think we could close it without losing anything, BUT there are some TODOs in the topics list which need to be discussed in the next workshop.

So the question is: Keep this ticket open or create a new one covering the TODOs only?

#20 Updated by Andreas Müller 5 months ago

  • Target version set to Release 5.3

I think it is better to close this ticket and open a new "Open issues for Rights and Roles" ticket.

#21 Updated by Andreas Müller 5 months ago

  • Target version changed from Release 5.3 to Release 5.5
