Bug #5553
open
setaccess action may have deleting access rule functionality
Added by Jing Tao almost 13 years ago.
Updated almost 13 years ago.
Description
Currently, setaccess action can only add access rules to the metacat. There is a limitation.
Sometimes, we want to keep granting or revoking a allow public read access rules for a document.
If we choose "denyFirst" as the order type(metacat can't change order type when a document set it), we can't revoke the public readable access if we granted it.
If we choose "allowFirst" as the order type, we can't regrant it if we denied it.
So if setaccess action (or we can have another action deleteaccess), this scenario can be avoided.
There is currently a method in Metacat's access API that allows you to set the entire access block for a given document instead of just adding them one by one. This method effectively deletes all access rules and replaces them with the one you specify in the call. I think you could use this method aslong as you were careful to preserve the access rules that are for principals other than "public".
The method uses the same "action=setaccess", but you include a complete "accessBlock" parameter that is the XML representation of the access control rules (like they are returned in the action=getaccesscontrol method). For example: http://knb.ecoinformatics.org/knb/metacat?action=getaccesscontrol&docid=tao.1.1
Sounds like we can use it. However, we have to parse the returned result of action=getaccesscontrol in order to preserve the access rules that are for principals other than "public". If there is delete method, it will be more efficient .
Original Bugzilla ID was 5553
Also available in: Atom
PDF