Project

General

Profile

Actions

Bug #437

closed

Document Access Control Rules

Added by Jing Tao almost 23 years ago. Updated over 22 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
02/26/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
437

Description

Now the rules for document access control in Morpho and MetaCat are:
1. If a data package doesn't have access control list, the owner of
datapackage will be the only full control.
2. If a data package does have access control list, apply it.
3. If a member document of data package doesn't have access control list,
access control of data set document will apply to the member document.

The third rule is no good and need to get rid of it.

The reason is:
If a package smith.23.1 has a triple to point smith.34.1 and smith.34.1
doesn't have access control list. It is okay because they all belong to a
owner - Smith. If another package named henry.2.1 has a triple to point
smith.34.1 too. Because smith.34.1 doesn't access control list and henry can
access it. Maybe henry doesn't allow to access it.

Actions #1

Updated by Jing Tao almost 23 years ago

hasPermission method was revised. If there is no record in xml_access table
for a document. We will check if the user is a document's owner. If it is, has
permission. If it isn't the owner, doesn't have permission.

Actions #2

Updated by Redmine Admin over 11 years ago

Original Bugzilla ID was 437

Actions

Also available in: Atom PDF