feature request #6654
Updated by Andreas Kohlbecker almost 7 years ago
Registrations need to be protected by a RegistrationsVoter which evaluates CRUD permissions given to users or Groups. **Current situation:** The a default data inserter in the cdm-vaadin project creates the role CURATION in the data base this role is being used to grant access to the Registration editor. This level of protection is however not sufficient. It is in principle still possible to to get write access via the http invoker remoring service. **ToDo:** * implement RegistrationsVoter (extends CdmPermissionVoter) and configure the security context to use it * add a default Group to the first data inserter: `RegistrationCurator = "Registration.[DELETE,CREATE,UPDATE,READ]"` * implement tests * Phycobank specific: * all users must be given the PermissionGroup `Editor` see https://dev.e-taxonomy.eu/redmine/projects/edit/wiki/CdmAuthorisationAndAccessControl#Permission-Groups * the required data inserter should extend the PermissionGroup `Editor` by "Registration.[CREATE]" * We need a `RegistrationStateManager` which can change the RegistrationState on behalf of the user, since the user is not permitted to change the Registration again. The user can request the `RegistrationStateManager` for state changes by sending a `RegistrationStateEvent`with one of the following messages: `PREPARATION_COMPLETE` => new state: `CURATION`, `WITHDRAW` => new state: `REJETCED`. see #6654 for more details