Project

General

Profile

Bug #7185

EML SAX parser will not check if the user has the all permission on data objects (described by the eml object) when the parser is called by DataONE API

Added by Jing Tao over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
metacat
Target version:
Start date:
05/01/2017
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:

Description

In the old Metacat API, the data objects' access rules are controlled by the EML object which describes it. So when the eml parser detects the newer version eml is trying to change the access rules of data objects, it need to verify the user has the ALL permission on the data objects. Otherwise, any users can change the data objects' access rule.
However, on DataONE API, data objects' access rules are specified in the system metadata associated with data objects. The access rules on the eml object doesn't control them any more. So we don't need to check it.

History

#1 Updated by Jing Tao over 2 years ago

  • Status changed from New to Resolved

To the Metacat API, we still apply the checking. But to Dataone API, we don't.

Also available in: Atom PDF