Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Documentation
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Rachael Hu
Documentation
Commits
7d5bc522
Commit
7d5bc522
authored
Jun 14, 2016
by
Tom Laudeman
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update privs and roles, link docs together
parent
4494b378
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
66 additions
and
40 deletions
+66
-40
DBUser API.md
Requirements/DBUser API.md
+15
-3
User Management.md
Requirements/User Management.md
+31
-29
Workflow Engine.md
Specifications/Workflow Engine.md
+20
-8
No files found.
Requirements/DBUser API.md
View file @
7d5bc522
...
...
@@ -175,12 +175,18 @@ embargo, enroll, assign. It seems like a nice idea to enshrine this as a convent
"administrator" to "administer", and we need to come up with a verbs for the remaining privileges, especially
"affiliation".)
Note that privileges are granualar, and each privilege must exist only once. Having one privilege does not
imply having another. The Roles (a bit further below) deal with combinations of privileges.
#### Privilege table
| Privilege | Privilege Description |
|----------------------------------+----------------------------------------------------------------------------|
| Research | Use discovery interface and dashboard, has an account |
| Contribute | Create and edit constellations but cannot publish (contributor) |
| Publish | Approve constellation publication, change status to "published" (editor) |
| Contribute (June 2016) | Simplfied create |
| Edit (June 2016) | Edit constellations |
| Suggest edits (June 2016) | Suggest edits, implies a mechanism to send suggestions to Edit |
| Publish (June 2016) | Review, approve, publish, change status to "published" |
| Change status any | Change any status, removing locks, and so on, any affiliation |
| Change owner any | Change constellation user, changing which user has a lock, any affiliation |
| Change status own | Change any status, removing locks, and so on, own affiliation only |
...
...
@@ -224,16 +230,21 @@ Remember, the table below is only a guess or approximation of real world roles.
open to expanding the requirements to be as complete as possible. (Although not all requirements will
necessarily ever become features of SNAC.)
#### Role table
| Role | Privilege(s) | User Description |
|----------------------------+-----------------------------------------------------+--------------------------------------------------------|
|----------------------------
----
+-----------------------------------------------------+--------------------------------------------------------|
| Sysadmin | System administrator | Maintain server, backups, etc. |
| Database Administrator | DBA | Schema maintenance, data dumps, etc. |
| Software engineer | Developer + DBA | Coding, testing, QA, release, data loading, etc. |
| Manager | Enroll + Privilege assign own + Report own | Create, manage, assign privileges, run reports |
| Peer vetting | Enroll | Approve moderators, reviewers, content experts |
| Editor (June 2016) | Contribute + Publish | Same privilges as Reviewer |
| Moderator | Publish | Approve maintenance changes, posting those changes |
| Reviewer/editor | Contribute + publish | Maintainer privileges, interacts with moderators |
| Editor in Training (June 2016) | Contribute | Editor, no publish, training to be Editor |
| Contributor (June 2016) | Simplified Create + Suggest Edits | Basic contributor, creator of constellations |
| Content expert | Contribute | Domain expert, may have zero institutional privileges |
| Documentary editor | Contribute | (Any distinguishing privileges?) |
| Maintenance | Contribute | Constellation edit, maintain constellations. |
...
...
@@ -248,6 +259,7 @@ necessarily ever become features of SNAC.)
| Author-NACO | Propose NACO | Creates NACO entries, sends to editor for submission |
| Administrator | Contributor + Editor privileges + enroll + assign | Everything, only own institution |
| Administrator-super | Administrator + any institution | Admin+ assign privileges, any user, any institution |
| | | |
### API
...
...
Requirements/User Management.md
View file @
7d5bc522
...
...
@@ -5,7 +5,8 @@
Authentication is: "validating user logins to the system." Authorization is: "privileges
allowing user access to system features."
We are using OpenID for authentication, but we need a user profile for SNAC roles and authorization.
We are using OpenID for authentication, but we need a user profile for SNAC privileges (authorization) and
roles (groups of privileges).
OpenID seems to constantly be changing, and sites using it change frequently. Google has (apparently)
deprecated OpenID 2.0 in favor of Open Connect. Facebook is using something else, but apparently FB still
...
...
@@ -16,42 +17,41 @@ see how much work it was to support the various OpenID partners.
### Authorization
Authorization involves controlling what users can do once they are in the system. That function is sort of
more solved by OAuth or OpenID by sharing the user profile. However, SNAC has specific
roles which will not be
found in any other system.
more solved by OAuth or OpenID by sharing the user profile. However, SNAC has specific
privileges which will
not be
found in any other system.
By default, the lowest privileged users can't do anything that isn't available to the non-authenticated public
users. Privileges are added
and users are given roles from which they inherit privileges. The authorization
system is involved in every transaction with the server to the extent that every request to the server is
checked for authorization before being passed to the code doing the real work. (Every request is also checked
for authentication as well, naturally.)
users. Privileges are added
to roles (groups) and users are given roles from which they inherit sets of
privileges. The authorization system is involved in every transaction with the server to the extent that every
request to the server is checked for authorization before being passed to the code doing the real work. (Every
request is also checked
for authentication as well, naturally.)
### Roles analagous to groups
The Linux model of three privilege types "user", "group", and "other" works well for authorization permissions
and we should use this model, albeit somewhat simplfied. "User" is an authenticated user. "Group" is a set of
users, and a user may belong to several groups. In SNAC and the non-Linux world "group" is known as "role", so
SNAC will call them "roles". "Other" privileges don't apply to SNAC. Non-authenticated users have the
"researcher" role.
and we should use this model, albeit somewhat simplfied. "User" is an authenticated user. "Group" becomes
"Role" and is a set of users, and a user may belong to several groups. Privileges are carried by roles, and
users are members of one or more roles. In SNAC and the non-Linux world "group" is known as "role", so SNAC
will call them "roles". "Other" privileges don't apply to SNAC. Non-authenticated users have the "researcher"
role.
### Roles and privileged application features
Each feature has a list of one or more authorized roles which may access that feature.
Users can have several roles, and will have all the privileges (access to features) of all their roles. Role
membership is managed by an administrative user interfac (probably part of the dashboard, or there will be a
membership is managed by an administrative user interfac
e
(probably part of the dashboard, or there will be a
special admin dashboard) and related API code. Our system allows access to every feature associated with any
user role. (Just an aside: some high-security systems restrict access to the least privileged role
;
like
Linux
,
SNAC has a different model.) User information such as name, phone number, and even password can
user role. (Just an aside: some high-security systems restrict access to the least privileged role
,
like
Linux
;
SNAC has a different model.) User information such as name, phone number, and even password can
change. User ID values cannot be changed, and a user ID is never reused, even after account deletion.
We expect to create additional roles as necessary for application functions.
Roles include a large number "is instution member" roles. These should be roles like any other, but we may
want to flag these role records to make them easy to manage and easy to display in the UI. Any user can have
zero or more roles that define their instutional affiliation. This primarily effects reporting and admin. In
the case of reports, membership in an institution constrains the reporting. When setting up a report, users
may only choose from institutions of which they are members. Some reports may auto-detect the user's
membership.
Historically, there was a suggestion that users could be affiliated with multiple institutions. This is not
practical. Any user zero or one institutional affiliation. This primarily effects reporting and admin. In the
case of reports, membership in an institution constrains the some aspects of some reports. Certain reports may
auto-detect the user's institutional affiliation.
When we refer to "accounts" we mean web accounts managed by the Manager/Web admin. The general
public can use the discovery interface without an account, but saving search history, and other
...
...
@@ -59,26 +59,28 @@ session related discovery tools requires an account. It is technically possible
dashboard. Although that has not been mentioned as a requirement and is probably a low priority, it might be
almost trivial to implement.
### Tables of
roles and user typ
es
### Tables of
privileges and rol
es
Every account will be in the "Researcher" role which has the same privileges as the general public, but with a
TBD set of basic privileges including: search history, certain researcher reports.
See the two tables "
Role" and "User typ
e" in the "DBUser API" documentation:
See the two tables "
Privilege" and "Rol
e" in the "DBUser API" documentation:
[
Role in Database User API
](
Requirements/DBUser
API.md#roles
)
[
Privilege table
](
Requirements/DBUser
API.md#privilege_table
)
Remember: institutional affiliation roles aren't all listed in the tables. There will be one institutional
affiliation role per institution. Users may have zero, one, or several institutional roles that define
insitutions with which the user is affiliated.
[
Role table
](
Requirements/DBUser
API.md#role_table)
It is possible for an institutional administrator to also be a member of more than one
institution. Institutional Admins have abilities:
Remember: institutional affiliation roles listed. Users may have zero, or one role that define insitutions
with which the user is affiliated. Our current direction is not to support multiple institutional affiliations
because this creates many problems. User who have multiple affiliations need to have separate logins for each
affiliation.
Institutional Admins have abilities:
-
view membership lists of their institution(s)
-
add or remove their instutional role for users.
Roles which require one or more instutitutional roles (affiliation)
:
Privileges which require and instutitutional affiliation
:
-
Block upload
-
Name authority
...
...
Specifications/Workflow Engine.md
View file @
7d5bc522
...
...
@@ -187,9 +187,16 @@ When command-login2 is true, the resulting worker might better be split into sev
Here command-unlock is split into tests and workers: unlock-constellation, if-error, redirect-dashboard,
return-json. Alternatively, these 4 functions might all be inside a single worker.
Looking at this table you must keep in mind that this is the webUI, and "return" is "send data to web browser"
or "send data to web template". Unlock is change status from "currently editing" to "locked editing".
Things to do: change command-save-unlock to save-constellation then go to state unlock. In other words, create
granular workers, and use them as building blocks. Workers here are based on what happens in run() in
WebUI.php.
| state | test | worker | next-state |
|--------
+----------------------+------------------------------------------------------------+
------------|
|--------
---------+----------------------+------------------------------------------------------------+-----
------------|
| start | empty-session | init-and-home | done |
| start | | non-empty-start-snac-session | do-cmd |
| do-cmd | command-login | destroy-session-and-redirect-home | done |
...
...
@@ -199,18 +206,23 @@ return-json. Alternatively, these 4 functions might all be inside a single worke
| do-cmd | command-new | display-new-edit-page | done |
| do-cmd | command-view | display-view-page | done |
| do-cmd | command-preview | display-preview-page | done |
| do-cmd
| command-dashboard | display-dashboard | done
|
| do-cmd
| command-dashboard | | dashboard
|
| do-cmd | command-profile | display-profile | done |
| do-cmd | command-save | save-constellation-return-json | done |
| do-cmd | command-save-unlock | save-unlock-return-json | done |
| do-cmd | command-save-profile | save-profile | done |
| do-cmd | command-save | save-constellation | done |
| do-cmd | command-save-unlock | save-unlock | done |
| do-cmd | command-unlock | unlock-constellation | unlock |
| do-cmd | command-save-publish | save-publish-return-json | done |
| do-cmd | command-publish | publish-return-json | done |
| do-cmd | command-vocabulary | vocabulary-search-return-json | done |
| do-cmd | command-search | name-search-return-json | done |
| do-cmd | command-save-publish | save-publish | done |
| do-cmd | command-save-review | save-constellation | review |
| do-cmd | command-publish | publish | dashboard |
| do-cmd | command-vocabulary | vocabulary-search | done |
| do-cmd | command-search | name-search | done |
| do-cmd | | display-landing-page | done |
| unlock | if-error | redirect-dashboard | done |
| unlock | | return-json | done |
| review | | relock-to-reviewer | notify-reviewer |
| notify-reviewer | | notify-reviewer | dashboard |
| dashboard | | display-dashboard | done |
| done | | exit | |
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment