Project

General

Profile

Bug #437

Document Access Control Rules

Added by Jing Tao over 17 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
02/26/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
437

Description

Now the rules for document access control in Morpho and MetaCat are:
1. If a data package doesn't have access control list, the owner of
datapackage will be the only full control.
2. If a data package does have access control list, apply it.
3. If a member document of data package doesn't have access control list,
access control of data set document will apply to the member document.

The third rule is no good and need to get rid of it.

The reason is:
If a package smith.23.1 has a triple to point smith.34.1 and smith.34.1
doesn't have access control list. It is okay because they all belong to a
owner - Smith. If another package named henry.2.1 has a triple to point
smith.34.1 too. Because smith.34.1 doesn't access control list and henry can
access it. Maybe henry doesn't allow to access it.

History

#1 Updated by Jing Tao over 17 years ago

hasPermission method was revised. If there is no record in xml_access table
for a document. We will check if the user is a document's owner. If it is, has
permission. If it isn't the owner, doesn't have permission.

#2 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 437

Also available in: Atom PDF