Project

General

Profile

Bug #926

access control too dependent on eml

Added by Chad Berkley almost 17 years ago. Updated almost 17 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
12/11/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
926

Description

Metacat's access control seems too dependent on EML. If I have a single
(arbitrarily or non-typed) document and I want to make it publicy readable, I
have to create an eml package with triples pointing to an access file then
insert the whole package into metacat, when all I really want to do is insert
that single file and say 'make this publicly readable'.

One way to do this is to make a generic interface that is internal to metacat
but can be subclasses by some plugin to parse specific ACL documents (like
eml-access). This generic interface would be part of the metacat API so that it
is accessible via http.

Another way to do it is to have metacat actually create access documents from
some API function, but this might run into conflict problems if a package
already has an access file.

We are going to have to retool this a bit when we start using eml2 anyway so it
would be a good time to make this interface more general.

History

#1 Updated by Jing Tao almost 17 years ago

Change Milestone from postpone to 1.3

#2 Updated by Jing Tao almost 17 years ago

A new interface AccessControlInterface was created. It has generic
constants(probably some methods) for access control. Two class implements the
interface. One is AccessControlList which handle access document in data
package. The other is a new class named AccessControlForSingleFile.

A new action in metacat was created name "setaccess". The format for this
action is:
http://dev.nceas.ucsb.edu/tao/servlet/metacat?action=setaccess&docid=pipeline.2
&docid=pipeline3.1&principal=public&principal=jtao&permission=read
&permType=allow&permOrder=allowFirst

It will assign access rules in xml_access table for these docids if these
docids are not in a package.

The method we judge if a docid is in a package:
Get doctype(public id) for this docid in xml_documents. Create a variable
named packagedoctypeset in metacat.property file. In this variable it has all
public id such as:
BIN,
//ecoinformatics.org//eml-access-2.0.0beta6//EN,
//ecoinformatics.org//eml-access-2.0.0beta4//EN,
-//ecoinformatics.org//eml-attribute-2.0.0beta6//EN and so on.

If the doctype of this id is in this set, the setaccess action will be
forbidden. Otherwise, it allows.

#3 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 926

Also available in: Atom PDF