Bug #437
closedDocument Access Control Rules
0%
Description
Now the rules for document access control in Morpho and MetaCat are:
1. If a data package doesn't have access control list, the owner of
datapackage will be the only full control.
2. If a data package does have access control list, apply it.
3. If a member document of data package doesn't have access control list,
access control of data set document will apply to the member document.
The third rule is no good and need to get rid of it.
The reason is:
If a package smith.23.1 has a triple to point smith.34.1 and smith.34.1
doesn't have access control list. It is okay because they all belong to a
owner - Smith. If another package named henry.2.1 has a triple to point
smith.34.1 too. Because smith.34.1 doesn't access control list and henry can
access it. Maybe henry doesn't allow to access it.
Updated by Jing Tao almost 23 years ago
hasPermission method was revised. If there is no record in xml_access table
for a document. We will check if the user is a document's owner. If it is, has
permission. If it isn't the owner, doesn't have permission.