...
- Implement access control only at the level of spaces
- Datasets and collections authorization is based on space
- For resources in multiple spaces take the union of permissions
- Only the owner can add a dataset/collection to a new space
- In a world where resources can be in multiple spaces, a space becomes a view into the data, not a simple self-contained place
- What happens if D1 is in C1, C1 is in S1, but D1 is not in S1?
- Publishing a dataset or collection for public viewing will be done as a separate feature from managing permissions at the space level
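The rules above as a small Python model (an added example, not code from the project; the Resource class, the per-space grant table and the via_collections switch are assumptions made for illustration). The switch shows the two possible readings of the D1/C1/S1 question without choosing one.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    """Dataset or collection that may sit in several spaces (hypothetical model)."""
    name: str
    owner: str
    spaces: set = field(default_factory=set)          # spaces it was added to directly
    collections: list = field(default_factory=list)   # parent collections, if any

# Constructed sample data: GRANTS[space][user] -> permissions held in that space.
GRANTS = {
    "S1": {"alice": {"ViewDataset", "EditDataset"}, "bob": {"ViewDataset"}},
    "S2": {"bob": {"ViewDataset", "DeleteDataset"}},
}

def contributing_spaces(res, via_collections=False):
    """Spaces whose grants apply to res.

    via_collections=False counts only spaces res is in directly; True also counts
    spaces reached through a parent collection. The notes leave this choice open.
    """
    spaces = set(res.spaces)
    if via_collections:
        for parent in res.collections:
            spaces |= contributing_spaces(parent, True)
    return spaces

def permissions(user, res, grants=GRANTS, via_collections=False):
    """Union of the user's permissions over every contributing space."""
    perms = set()
    for space in contributing_spaces(res, via_collections):
        perms |= grants.get(space, {}).get(user, set())
    return perms

def is_allowed(user, res, permission, **options):
    """Deny by default: no grant in any contributing space means no access."""
    return permission in permissions(user, res, **options)

def add_to_space(user, res, space):
    """Only the owner may add a dataset/collection to a new space."""
    if user != res.owner:
        raise PermissionError(f"{user} is not the owner of {res.name}")
    res.spaces.add(space)
```

With D1 placed only in collection C1 and C1 placed in S1, permissions() returns an empty set for D1 under the direct-membership reading and the S1 grants under the inherited reading.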
Permissions Cleanup:
(Note: this is the list from api.Permissions.Permission. It's pretty low level, and it's what controllers look for in the case of secured actions.)
Public -> Public (will eventually be removed)
Admin -> SpaceAdmin
CreateCollections -> CreateCollection
DeleteCollections -> DeleteCollection
EditCollection -> *Keep*
ListCollections -> *Remove* (see ViewSpace)
ShowCollection -> ViewCollection
CreateSpaces -> CreateSpace
UpdateSpaces -> EditSpace
DeleteSpaces -> DeleteSpace
EditSpace -> *Keep*
ListSpaces -> *Remove*
ShowSpace -> ViewSpace
CreateDatasets -> CreateDataset
DeleteDatasets -> DeleteDataset
ListDatasets -> *Remove* (see ViewSpace)
ShowDataset -> ViewDataset
SearchDatasets -> ViewDataset
AddDatasetsMetadata -> AddMetadata
ShowDatasetsMetadata -> ViewMetadata
CreateTagsDatasets -> AddTag
DeleteTagsDatasets -> DeleteTag
ShowTags -> ViewTags
UpdateDatasetInformation -> EditDataset
UpdateLicense -> EditLicense
CreateComments -> CreateComment
RemoveComments -> DeleteComment
EditComments -> EditComment
CreateNotes -> CreateNote
AddSections -> AddSection
GetSections -> ViewSections
CreateTagsSections -> AddTag
DeleteTagsSections -> DeleteTag
CreateFiles -> AddFile
DeleteFiles -> DeleteFile
ListFiles -> *Remove* (everyone should be able to)
ExtractMetadata -> ViewMetadata
AddFilesMetadata -> AddMetadata
ShowFilesMetadata -> ViewMetadata
ShowFile -> ViewFile
SearchFiles -> ViewFile
CreateTagsFiles -> AddTag
DeleteTagsFiles -> DeleteTag
CreateStreams -> CreateGeoTemporalStream
AddDataPoints -> CreateGeoTemporalDatapoint
SearchStreams -> ViewGeoTemporalStream
AddZoomTile -> CreatePreview
Add3DTexture -> CreatePreview
AddIndex -> CreateIndex
CreateSensors -> CreateGeoTemporalSensor
ListSensors -> ViewGeoTemporalSensor
GetSensors -> ViewGeoTemporalSensor
SearchSensor -> ViewGeoTemporalSensor
RemoveSensors -> ViewGeoTemporalSensor
AddThumbnail -> CreatePreview
DownloadFiles -> *Same*
GetUser -> ViewUser
AddProject -> EditUser
AddInstitution -> EditUser
UserAdmin -> *Remove* (only superadmins should be able to do this)