Bug #5553
opensetaccess action may have deleting access rule functionality
0%
Description
Currently, setaccess action can only add access rules to the metacat. There is a limitation.
Sometimes, we want to keep granting or revoking a allow public read access rules for a document.
If we choose "denyFirst" as the order type(metacat can't change order type when a document set it), we can't revoke the public readable access if we granted it.
If we choose "allowFirst" as the order type, we can't regrant it if we denied it.
So if setaccess action (or we can have another action deleteaccess), this scenario can be avoided.
Updated by Jing Tao over 12 years ago
When this bug is fixed, we should reopen the bug 5551:
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5551
Updated by ben leinfelder over 12 years ago
There is currently a method in Metacat's access API that allows you to set the entire access block for a given document instead of just adding them one by one. This method effectively deletes all access rules and replaces them with the one you specify in the call. I think you could use this method aslong as you were careful to preserve the access rules that are for principals other than "public".
The method uses the same "action=setaccess", but you include a complete "accessBlock" parameter that is the XML representation of the access control rules (like they are returned in the action=getaccesscontrol method). For example: http://knb.ecoinformatics.org/knb/metacat?action=getaccesscontrol&docid=tao.1.1
Updated by Jing Tao over 12 years ago
Sounds like we can use it. However, we have to parse the returned result of action=getaccesscontrol in order to preserve the access rules that are for principals other than "public". If there is delete method, it will be more efficient .