...
- Implement access control only at the level of spaces
- Datasets and collections authorization is based on space
- For resources in multiple spaces take the union of permissions
- Only the owner can add a dataset/collection to a new space
- In a world where resources can be in multiple spaces, a space becomes a view into the data, not a simple self-contained place
- What happens if D1 is in C1, C1 is in S1, but D1 is not in S1?
- Publishing a dataset or collection for public viewing will be done as a separate feature from managing permissions at the space level
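One reading of the rules above, as an added sketch that is not the project's own code: permissions are granted per space, a resource's effective permissions are the union over the spaces it is directly in, and only the owner may add it to another space. The permission names come from this page's new list; `Resource`, `Grants`, `effective`, `can` and `addToSpace` are hypothetical, and treating collection membership as granting nothing is an assumption, since the page leaves the D1/C1/S1 question open.

```scala
// Added illustration, not the project's code. Permission names come from the
// page's new list; Resource, Grants and the functions are hypothetical.
object Permission extends Enumeration {
  val ViewSpace, ViewDataset, EditDataset, ViewCollection = Value
}

object SpaceAuthz {
  import Permission._
  type Perms = Set[Permission.Value]
  // user -> space -> permissions the user's role grants in that space
  type Grants = Map[String, Map[String, Perms]]

  final case class Resource(id: String, owner: String, spaces: Set[String])

  // Union of the user's permissions over every space the resource is directly in.
  // A resource in no space yields the empty set (deny by default).
  def effective(user: String, r: Resource, grants: Grants): Perms = {
    val bySpace = grants.getOrElse(user, Map.empty[String, Perms])
    r.spaces.flatMap(s => bySpace.getOrElse(s, Set.empty[Permission.Value]))
  }

  def can(user: String, p: Permission.Value, r: Resource, grants: Grants): Boolean =
    effective(user, r, grants).contains(p)

  // Only the owner may place a resource in an additional space.
  def addToSpace(user: String, r: Resource, space: String): Either[String, Resource] =
    if (user == r.owner) Right(r.copy(spaces = r.spaces + space))
    else Left(s"$user does not own ${r.id}")

  def main(args: Array[String]): Unit = {
    // Constructed sample data.
    val grants: Grants = Map("alice" -> Map(
      "S1" -> Set(ViewSpace, ViewCollection, ViewDataset),
      "S2" -> Set(ViewDataset, EditDataset)))
    val c1 = Resource("C1", owner = "bob", spaces = Set("S1"))
    val d1 = Resource("D1", owner = "bob", spaces = Set.empty) // member of C1 only

    println(can("alice", ViewCollection, c1, grants)) // C1 is in S1
    println(can("alice", ViewDataset, d1, grants))    // D1 is in no space
    println(addToSpace("alice", d1, "S2").isLeft)     // non-owner is refused
    val shared = addToSpace("bob", d1, "S1").flatMap(addToSpace("bob", _, "S2"))
    shared.foreach(r => println(effective("alice", r, grants)))
  }
}
```

Under this reading, a dataset that is only reachable through a collection inherits nothing from the collection's space until its owner adds it to that space explicitly.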
Permissions Cleanup:
(Note: this is the list from api.Permissions.Permission. It's pretty low level, and it's what controllers look for in the case of secured actions.)
Public -> Public (will eventually be removed)
Admin -> *Keep*
CreateCollections -> CreateCollection
DeleteCollections -> DeleteCollection
EditCollection -> *Keep*
ListCollections -> *Remove* (see ViewSpace)
ShowCollection -> ViewCollection
CreateSpaces -> CreateSpace
UpdateSpaces -> EditSpace
DeleteSpaces -> DeleteSpace
EditSpace -> *Keep*
ListSpaces -> *Remove*
ShowSpace -> ViewSpace
CreateDatasets -> CreateDataset
DeleteDatasets -> DeleteDataset
ListDatasets -> *Remove* (see ViewSpace)
ShowDataset -> ViewDataset
SearchDatasets -> ViewDataset
AddDatasetsMetadata -> AddMetadata
ShowDatasetsMetadata -> ViewMetadata
CreateTagsDatasets -> AddTag
DeleteTagsDatasets -> DeleteTag
ShowTags -> ViewTags
UpdateDatasetInformation -> EditDataset
UpdateLicense -> EditLicense
CreateComments -> CreateComment
RemoveComments -> DeleteComment
EditComments -> EditComment
CreateNotes -> CreateNote
AddSections -> AddSection
GetSections -> ViewSections
CreateTagsSections -> AddTag
DeleteTagsSections -> DeleteTag
CreateFiles -> AddFile
DeleteFiles -> DeleteFile
ListFiles -> *Remove* (everyone should be able to)
ExtractMetadata -> ViewMetadata
AddFilesMetadata -> AddMetadata
ShowFilesMetadata -> ViewMetadata
ShowFile -> ViewFile
SearchFiles -> ViewFile
CreateTagsFiles -> AddTag
DeleteTagsFiles -> DeleteTag
CreateStreams -> CreateGeoTemporalStream
AddDataPoints -> CreateGeoTemporalDatapoint
SearchStreams -> ViewGeoTemporalStream
AddZoomTile -> CreatePreview
Add3DTexture -> CreatePreview
AddIndex -> CreateIndex
CreateSensors -> CreateGeoTemporalSensor
ListSensors -> ViewGeoTemporalSensor
GetSensors -> ViewGeoTemporalSensor
SearchSensor -> ViewGeoTemporalSensor
RemoveSensors -> ViewGeoTemporalSensor
AddThumbnail -> CreatePreview
DownloadFiles -> *Same*
GetUser -> ViewUser
AddProject -> EditUser
AddInstitution -> EditUser
UserAdmin -> Admin
New List:
val Public, // Page is publicly accessible, i.e. no login needed
Admin,
// spaces
ViewSpace,
CreateSpace,
DeleteSpace,
EditSpace,
// datasets
ViewDataset,
CreateDataset,
DeleteDataset,
EditDataset,
// collections
ViewCollection,
CreateCollection,
DeleteCollection,
EditCollection,
// files
AddFile,
DeleteFile,
ViewFile,
DownloadFiles,
EditLicense,
CreatePreview, // Used by extractors
MultimediaIndexDocument,
CreateNote,
// sections
CreateSection,
ViewSection,
DeleteSection, // FIXME: Unused right now
EditSection, // FIXME: Unused right now
// metadata
AddMetadata,
ViewMetadata,
DeleteMetadata, // FIXME: Unused right now
EditMetadata, // FIXME: Unused right now
// social annotation
AddTag,
DeleteTag,
ViewTags,
AddComment,
DeleteComment,
EditComment,
// geostreaming api
GSCreateStream,
GSAddDatapoint,
GSViewDatapoints,
GSAddSensor,
GSViewSensor,
GSDeleteSensor,
// users
ViewUser,
EditUser = Value