  1. Implement access control only at the level of spaces
    1. Dataset and collection authorization is based on the space
    2. For resources in multiple spaces take the union of permissions
  2. Only the owner can add a dataset/collection to a new space
  3. In a world where resources can be in multiple spaces, a space becomes a view into the data, not a simple self-contained place
  4. What happens if D1 is in C1, C1 is in S1, but D1 is not in S1?
  5. Publishing a dataset or collection for public viewing will be done as a separate feature from managing permissions at the space level
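
The Python sketch below is an added example, not code from the project: it models space-level authorization with union semantics (item 1.2) and the owner-only rule (item 2), and exposes the open question in item 4 as an `inherit` switch. The role names, data layout and function names are assumptions; the permission names are taken from the cleaned-up list on this page.

```python
from dataclasses import dataclass, field
# Constructed role definitions; permission names come from the cleaned-up list.
ROLES = {
    "viewer": {"ViewSpace", "ViewCollection", "ViewDataset", "ViewFile"},
    "editor": {"ViewSpace", "ViewCollection", "ViewDataset", "ViewFile",
               "EditDataset", "AddFile", "AddMetadata"},
}

@dataclass
class Resource:
    owner: str
    spaces: set = field(default_factory=set)       # direct space membership
    collections: set = field(default_factory=set)  # parent collections of a dataset

@dataclass
class Model:
    roles: dict      # (user, space) -> role name (assumed layout)
    resources: dict  # resource id -> Resource

    def effective_spaces(self, rid, inherit=False):
        """Spaces whose roles apply to rid; inherit=True adds parent collections' spaces."""
        spaces = set(self.resources[rid].spaces)
        if inherit:
            for cid in self.resources[rid].collections:
                spaces |= self.resources[cid].spaces
        return spaces

    def permissions(self, user, rid, inherit=False):
        """Item 1.2: union of the user's permissions over every applicable space."""
        perms = set()
        for space in self.effective_spaces(rid, inherit):
            perms |= ROLES.get(self.roles.get((user, space)), set())
        return perms

    def can(self, user, perm, rid, inherit=False):
        return perm in self.permissions(user, rid, inherit)

    def add_to_space(self, user, rid, space):
        """Item 2: only the owner may add a resource to another space."""
        if self.resources[rid].owner != user:
            raise PermissionError(f"{user} does not own {rid}")
        self.resources[rid].spaces.add(space)

def sample():
    """Constructed data: D1 is in C1, C1 is in S1, D1 is not in S1; D2 is in S1 and S2."""
    return Model(
        roles={("carol", "S1"): "viewer", ("carol", "S2"): "editor", ("bob", "S1"): "viewer"},
        resources={"C1": Resource("alice", {"S1"}), "D1": Resource("alice", set(), {"C1"}),
                   "D2": Resource("alice", {"S1", "S2"})})
```

With the constructed data, `bob` can view C1 but not D1 unless `inherit=True`, which is the visible consequence of whichever answer is chosen for item 4.
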

Permissions Cleanup:

(Note: this is the list from api.Permissions.Permission. It's pretty low level, and it's what controllers look for in the case of secured actions.)

 Public -> Public (will eventually be removed)
 Admin -> SpaceAdmin
 CreateCollections -> CreateCollection
 DeleteCollections -> DeleteCollection
 EditCollection -> *Keep*
 ListCollections -> *Remove* (see ViewSpace)
 ShowCollection -> ViewCollection
 CreateSpaces -> CreateSpace
 UpdateSpaces -> EditSpace
 DeleteSpaces -> DeleteSpace
 EditSpace -> *Keep*
 ListSpaces -> *Remove*
 ShowSpace -> ViewSpace
 CreateDatasets -> CreateDataset
 DeleteDatasets -> DeleteDataset
 ListDatasets -> *Remove* (see ViewSpace)
 ShowDataset -> ViewDataset
 SearchDatasets -> ViewDataset
 AddDatasetsMetadata -> AddMetadata
 ShowDatasetsMetadata -> ViewMetadata
 CreateTagsDatasets -> AddTag
 DeleteTagsDatasets -> DeleteTag
 ShowTags -> ViewTags
 UpdateDatasetInformation -> EditDataset
 UpdateLicense -> EditLicense
 CreateComments -> CreateComment
 RemoveComments -> DeleteComment
 EditComments -> EditComment
 CreateNotes -> CreateNote
 AddSections -> AddSection
 GetSections -> ViewSections
 CreateTagsSections -> AddTag
 DeleteTagsSections -> DeleteTag
 CreateFiles -> AddFile
 DeleteFiles -> DeleteFile
 ListFiles -> *Remove* (everyone should be able to)
 ExtractMetadata -> ViewMetadata
 AddFilesMetadata -> AddMetadata
 ShowFilesMetadata -> ViewMetadata
 ShowFile -> ViewFile
 SearchFiles -> ViewFile
 CreateTagsFiles -> AddTag
 DeleteTagsFiles -> DeleteTag
 CreateStreams -> CreateGeoTemporalStream
 AddDataPoints -> CreateGeoTemporalDatapoint
 SearchStreams -> ViewGeoTemporalStream
 AddZoomTile -> CreatePreview
 Add3DTexture -> CreatePreview
 AddIndex -> CreateIndex
 CreateSensors -> CreateGeoTemporalSensor
 ListSensors -> ViewGeoTemporalSensor
 GetSensors -> ViewGeoTemporalSensor
 SearchSensor -> ViewGeoTemporalSensor
 RemoveSensors -> ViewGeoTemporalSensor
 AddThumbnail -> CreatePreview
 DownloadFiles -> *Same*
 GetUser -> ViewUser
 AddProject -> EditUser
 AddInstitution -> EditUser
 UserAdmin -> *Remove* (only superadmins should be able to do this)