https://projects.ecoinformatics.org/ecoinfo/https://projects.ecoinformatics.org/ecoinfo/ecoinfo/favicon.ico?14691340362003-09-11T17:45:23ZEcoinformatics RedmineNRS Information System - Bug #282: need update/delete handling for data registryhttps://projects.ecoinformatics.org/ecoinfo/issues/282?journal_id=9762003-09-11T17:45:23ZSaurabh Gargsgarg@nceas.ucsb.edu
<ul></ul><p>The current interface has insert and query capability. But a popular demand is <br />to also have the ability to modify the previous records. But allowing <br />modifications of previous records lead to the issue of security - a record <br />written by someone can be modified by someone else. This maybe done with a good <br />intention. But such functionality can be highly misused if not used with <br />authentication.</p>
<p>Authentication can only be done using a username and password. (is there any <br />other easier way?)For researchers entering metadata, this might be a turnoff.</p>
<p>So we could give them a choice between the following:<br />1. If they choose not to edit the metadata later, they can skip the part of <br />entering username and password. The metadata will be added to the database <br />using a default account. <br />When the record is requested for modifying, it won't be reachable by the user <br />as user doesn’t know the default username and password (which is required to <br />modify the account). So the record is still modifiable - but just by admin.<br />2. If they choose to edit the metadata later, then they will have to enter a <br />username and password. The metadata will be added to the database using the <br />username and password provided. <br />When the record is requested for modifying, it would be reachable by the user <br />using his username and password. So the record is modifiable only by the person <br />who created it. (Maybe we can let the default account also modify any entry - <br />as Rudolf won't be checking all the entries. If someone adds a rogue entry <br />which is found later, it could be modifiable by the admin using the web <br />interface).</p>
<p>For now, we are going to hard code option 2 without giving the user the choice. <br />Maybe in future we can give the above choice to the user.</p>
<p>Another requested feature is that the data entered should be confirmed before <br />entering into the system. After the user submits the data, a page should be <br />shown which shows all the data entered, so that the person can confirm the <br />data. At the end of the page we can have a username and password field. The <br />buttons would be submit and reset. We could also add options for ACL. That is <br />the user can decide whether to make the document public or private.</p>
<p>In case submit is pressed, the username - password fields will be checked. If <br />correct, the metadata will be entered to the database. If not correct, it can <br />be forwarded to a new webpage requesting to register or find out password for <br />your username. If reset is pressed, the register dataset page is shown back <br />again. (.. with fields filled with old entries)?</p>
<p>Also when retrieving a document for modifications – a check should be made as <br />to any additional information has been added to the document. That is, has <br />something been added to the document which cannot be shown using the webpage. <br />If yes, then the user should be told that the document is not modifiable using <br />the web interface and the user should use software like Morpho to edit the <br />document.</p>
<p>(Solution to Bugs 282 and 283 are related?)</p> NRS Information System - Bug #282: need update/delete handling for data registryhttps://projects.ecoinformatics.org/ecoinfo/issues/282?journal_id=9772013-03-27T21:13:51ZRedmine Admin
<ul></ul><p>Original Bugzilla ID was 282</p>