Ecoinformatics Redmine
Metacat - Bug #92: need access control tracking for metadata documents

Matt Jones (jones@nceas.ucsb.edu), 2000-09-22T22:43:37Z
https://projects.ecoinformatics.org/ecoinfo/issues/92?journal_id=307
Changed target milestone to Beta2

Jivka Bojilova (bojilova@nceas.ucsb.edu), 2001-01-12T19:20:51Z
https://projects.ecoinformatics.org/ecoinfo/issues/92?journal_id=308
DONE
1. ACL info for resources (data and metadata docs) is applied through access files only.
2. Access files are submitted to Metacat in the same way as other metadata docs, with the difference that in the background records are created in the xml_access and xml_relation tables for use.
3. Access files can be submitted to Metacat only after submission of the resources specified within them by <resourceIdentifier> tags. Resources are specified with their whole Metacat URLs. docids are extracted from the URL by parsing the URL query string using the MetaCatUtil.parseQuery(URL murl.getQuery()) routine.
4. An access file can specify ACL info only for resources owned by the user submitting the access file or having "all" permissions on all of them. Otherwise submission of the access file is rejected.
5. Access files themselves get public read access by default, as all metadata docs do, which is convenient for now during development but probably should be made optional in order to be specified by the client. (?)
6. It is possible for the same permission for a user on a given resource to be specified from different access files. In this case the permission that is the most (by time duration, by perm_order: "allowFirst" or "denyFirst") is used (a simple algorithm is implemented).
7. The "accesfileid" attr in the xml_access table stores the docid of the access file. Also the "docid" attr in the xml_relation table is again the docid of the access file that brings the relationships (<accessfile, 'isaclfor', resource>). These attrs are convenient when an access file is updated or deleted, to delete the related records from the xml_access and xml_relation tables first (these 2 tables keep only the current/last version of the access file).
8. The "read" action checks the user for having "read" permission on the found docs (if not publicly readable or not his/her own). Only docs on which the user has "read" permission are extracted (along with his/her own and publicly readable ones).
9. The "update" and "delete" actions check for "write" permission on the manipulated doc (owned docs are permitted again).

Redmine Admin, 2013-03-27T21:13:19Z
https://projects.ecoinformatics.org/ecoinfo/issues/92?journal_id=309
Original Bugzilla ID was 92