Bug #5553

setaccess action may have deleting access rule functionality

Added by Jing Tao about 9 years ago. Updated almost 9 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Currently, setaccess action can only add access rules to the metacat. There is a limitation.

Sometimes, we want to keep granting or revoking a allow public read access rules for a document.

If we choose "denyFirst" as the order type(metacat can't change order type when a document set it), we can't revoke the public readable access if we granted it.

If we choose "allowFirst" as the order type, we can't regrant it if we denied it.

So if setaccess action (or we can have another action deleteaccess), this scenario can be avoided.


#1 Updated by Jing Tao almost 9 years ago

When this bug is fixed, we should reopen the bug 5551:

#2 Updated by ben leinfelder almost 9 years ago

There is currently a method in Metacat's access API that allows you to set the entire access block for a given document instead of just adding them one by one. This method effectively deletes all access rules and replaces them with the one you specify in the call. I think you could use this method aslong as you were careful to preserve the access rules that are for principals other than "public".
The method uses the same "action=setaccess", but you include a complete "accessBlock" parameter that is the XML representation of the access control rules (like they are returned in the action=getaccesscontrol method). For example:

#3 Updated by Jing Tao almost 9 years ago

Sounds like we can use it. However, we have to parse the returned result of action=getaccesscontrol in order to preserve the access rules that are for principals other than "public". If there is delete method, it will be more efficient .

#4 Updated by Redmine Admin over 7 years ago

Original Bugzilla ID was 5553

Also available in: Atom PDF