Commit 7d5bc522 by Tom Laudeman

Update privs and roles, link docs together

parent 4494b378
...@@ -175,12 +175,18 @@ embargo, enroll, assign. It seems like a nice idea to enshrine this as a convent ...@@ -175,12 +175,18 @@ embargo, enroll, assign. It seems like a nice idea to enshrine this as a convent
"administrator" to "administer", and we need to come up with a verbs for the remaining privileges, especially "administrator" to "administer", and we need to come up with a verbs for the remaining privileges, especially
"affiliation".) "affiliation".)
Note that privileges are granualar, and each privilege must exist only once. Having one privilege does not
imply having another. The Roles (a bit further below) deal with combinations of privileges.
#### Privilege table
| Privilege | Privilege Description | | Privilege | Privilege Description |
|----------------------------------+----------------------------------------------------------------------------| |----------------------------------+----------------------------------------------------------------------------|
| Research | Use discovery interface and dashboard, has an account | | Research | Use discovery interface and dashboard, has an account |
| Contribute | Create and edit constellations but cannot publish (contributor) | | Contribute (June 2016) | Simplfied create |
| Publish | Approve constellation publication, change status to "published" (editor) | | Edit (June 2016) | Edit constellations |
| Suggest edits (June 2016) | Suggest edits, implies a mechanism to send suggestions to Edit |
| Publish (June 2016) | Review, approve, publish, change status to "published" |
| Change status any | Change any status, removing locks, and so on, any affiliation | | Change status any | Change any status, removing locks, and so on, any affiliation |
| Change owner any | Change constellation user, changing which user has a lock, any affiliation | | Change owner any | Change constellation user, changing which user has a lock, any affiliation |
| Change status own | Change any status, removing locks, and so on, own affiliation only | | Change status own | Change any status, removing locks, and so on, own affiliation only |
...@@ -224,30 +230,36 @@ Remember, the table below is only a guess or approximation of real world roles. ...@@ -224,30 +230,36 @@ Remember, the table below is only a guess or approximation of real world roles.
open to expanding the requirements to be as complete as possible. (Although not all requirements will open to expanding the requirements to be as complete as possible. (Although not all requirements will
necessarily ever become features of SNAC.) necessarily ever become features of SNAC.)
#### Role table
| Role | Privilege(s) | User Description |
|----------------------------+-----------------------------------------------------+--------------------------------------------------------|
| Sysadmin | System administrator | Maintain server, backups, etc. | | Role | Privilege(s) | User Description |
| Database Administrator | DBA | Schema maintenance, data dumps, etc. | |--------------------------------+-----------------------------------------------------+--------------------------------------------------------|
| Software engineer | Developer + DBA | Coding, testing, QA, release, data loading, etc. | | Sysadmin | System administrator | Maintain server, backups, etc. |
| Manager | Enroll + Privilege assign own + Report own | Create, manage, assign privileges, run reports | | Database Administrator | DBA | Schema maintenance, data dumps, etc. |
| Peer vetting | Enroll | Approve moderators, reviewers, content experts | | Software engineer | Developer + DBA | Coding, testing, QA, release, data loading, etc. |
| Moderator | Publish | Approve maintenance changes, posting those changes | | Manager | Enroll + Privilege assign own + Report own | Create, manage, assign privileges, run reports |
| Reviewer/editor | Contribute + publish | Maintainer privileges, interacts with moderators | | Peer vetting | Enroll | Approve moderators, reviewers, content experts |
| Content expert | Contribute | Domain expert, may have zero institutional privileges | | Editor (June 2016) | Contribute + Publish | Same privilges as Reviewer |
| Documentary editor | Contribute | (Any distinguishing privileges?) | | Moderator | Publish | Approve maintenance changes, posting those changes |
| Maintenance | Contribute | Constellation edit, maintain constellations. | | Reviewer/editor | Contribute + publish | Maintainer privileges, interacts with moderators |
| Research | Research | Use the discovery interface and history dashboard | | Editor in Training (June 2016) | Contribute | Editor, no publish, training to be Editor |
| Archival description donor | Block upload | May do bulk uploads of EAC-CPF, finding aids, etc. | | Contributor (June 2016) | Simplified Create + Suggest Edits | Basic contributor, creator of constellations |
| Name authority manager | Name authority | (superseded by Editor-NACO?) | | Content expert | Contribute | Domain expert, may have zero institutional privileges |
| Institutional admins | Report own | May run own-institutional reports | | Documentary editor | Contribute | (Any distinguishing privileges?) |
| Public | n/a | No SNAC account, single session dashboard | | Maintenance | Contribute | Constellation edit, maintain constellations. |
| Contributor | Contribute + Ontology propose | Creates/edit constellations, propose ontology headings | | Research | Research | Use the discovery interface and history dashboard |
| Author | Contribute + Publish + Propose Del/Emb+Propose NACO | Contribute, with additional privileges | | Archival description donor | Block upload | May do bulk uploads of EAC-CPF, finding aids, etc. |
| Editor | Contribute + Publish + Delete/embargo + NACO | Review constellations, approve and publish | | Name authority manager | Name authority | (superseded by Editor-NACO?) |
| Author-NACO | Propose NACO | Creates NACO entries, sends to editor for submission | | Institutional admins | Report own | May run own-institutional reports |
| Administrator | Contributor + Editor privileges + enroll + assign | Everything, only own institution | | Public | n/a | No SNAC account, single session dashboard |
| Administrator-super | Administrator + any institution | Admin+ assign privileges, any user, any institution | | Contributor | Contribute + Ontology propose | Creates/edit constellations, propose ontology headings |
| Author | Contribute + Publish + Propose Del/Emb+Propose NACO | Contribute, with additional privileges |
| Editor | Contribute + Publish + Delete/embargo + NACO | Review constellations, approve and publish |
| Author-NACO | Propose NACO | Creates NACO entries, sends to editor for submission |
| Administrator | Contributor + Editor privileges + enroll + assign | Everything, only own institution |
| Administrator-super | Administrator + any institution | Admin+ assign privileges, any user, any institution |
| | | |
### API ### API
......
...@@ -5,7 +5,8 @@ ...@@ -5,7 +5,8 @@
Authentication is: "validating user logins to the system." Authorization is: "privileges Authentication is: "validating user logins to the system." Authorization is: "privileges
allowing user access to system features." allowing user access to system features."
We are using OpenID for authentication, but we need a user profile for SNAC roles and authorization. We are using OpenID for authentication, but we need a user profile for SNAC privileges (authorization) and
roles (groups of privileges).
OpenID seems to constantly be changing, and sites using it change frequently. Google has (apparently) OpenID seems to constantly be changing, and sites using it change frequently. Google has (apparently)
deprecated OpenID 2.0 in favor of Open Connect. Facebook is using something else, but apparently FB still deprecated OpenID 2.0 in favor of Open Connect. Facebook is using something else, but apparently FB still
...@@ -16,42 +17,41 @@ see how much work it was to support the various OpenID partners. ...@@ -16,42 +17,41 @@ see how much work it was to support the various OpenID partners.
### Authorization ### Authorization
Authorization involves controlling what users can do once they are in the system. That function is sort of Authorization involves controlling what users can do once they are in the system. That function is sort of
more solved by OAuth or OpenID by sharing the user profile. However, SNAC has specific roles which will not be more solved by OAuth or OpenID by sharing the user profile. However, SNAC has specific privileges which will
found in any other system. not be found in any other system.
By default, the lowest privileged users can't do anything that isn't available to the non-authenticated public By default, the lowest privileged users can't do anything that isn't available to the non-authenticated public
users. Privileges are added and users are given roles from which they inherit privileges. The authorization users. Privileges are added to roles (groups) and users are given roles from which they inherit sets of
system is involved in every transaction with the server to the extent that every request to the server is privileges. The authorization system is involved in every transaction with the server to the extent that every
checked for authorization before being passed to the code doing the real work. (Every request is also checked request to the server is checked for authorization before being passed to the code doing the real work. (Every
for authentication as well, naturally.) request is also checked for authentication as well, naturally.)
### Roles analagous to groups ### Roles analagous to groups
The Linux model of three privilege types "user", "group", and "other" works well for authorization permissions The Linux model of three privilege types "user", "group", and "other" works well for authorization permissions
and we should use this model, albeit somewhat simplfied. "User" is an authenticated user. "Group" is a set of and we should use this model, albeit somewhat simplfied. "User" is an authenticated user. "Group" becomes
users, and a user may belong to several groups. In SNAC and the non-Linux world "group" is known as "role", so "Role" and is a set of users, and a user may belong to several groups. Privileges are carried by roles, and
SNAC will call them "roles". "Other" privileges don't apply to SNAC. Non-authenticated users have the users are members of one or more roles. In SNAC and the non-Linux world "group" is known as "role", so SNAC
"researcher" role. will call them "roles". "Other" privileges don't apply to SNAC. Non-authenticated users have the "researcher"
role.
### Roles and privileged application features ### Roles and privileged application features
Each feature has a list of one or more authorized roles which may access that feature. Each feature has a list of one or more authorized roles which may access that feature.
Users can have several roles, and will have all the privileges (access to features) of all their roles. Role Users can have several roles, and will have all the privileges (access to features) of all their roles. Role
membership is managed by an administrative user interfac (probably part of the dashboard, or there will be a membership is managed by an administrative user interface (probably part of the dashboard, or there will be a
special admin dashboard) and related API code. Our system allows access to every feature associated with any special admin dashboard) and related API code. Our system allows access to every feature associated with any
user role. (Just an aside: some high-security systems restrict access to the least privileged role; like user role. (Just an aside: some high-security systems restrict access to the least privileged role, like
Linux, SNAC has a different model.) User information such as name, phone number, and even password can Linux; SNAC has a different model.) User information such as name, phone number, and even password can
change. User ID values cannot be changed, and a user ID is never reused, even after account deletion. change. User ID values cannot be changed, and a user ID is never reused, even after account deletion.
We expect to create additional roles as necessary for application functions. We expect to create additional roles as necessary for application functions.
Roles include a large number "is instution member" roles. These should be roles like any other, but we may Historically, there was a suggestion that users could be affiliated with multiple institutions. This is not
want to flag these role records to make them easy to manage and easy to display in the UI. Any user can have practical. Any user zero or one institutional affiliation. This primarily effects reporting and admin. In the
zero or more roles that define their instutional affiliation. This primarily effects reporting and admin. In case of reports, membership in an institution constrains the some aspects of some reports. Certain reports may
the case of reports, membership in an institution constrains the reporting. When setting up a report, users auto-detect the user's institutional affiliation.
may only choose from institutions of which they are members. Some reports may auto-detect the user's
membership.
When we refer to "accounts" we mean web accounts managed by the Manager/Web admin. The general When we refer to "accounts" we mean web accounts managed by the Manager/Web admin. The general
public can use the discovery interface without an account, but saving search history, and other public can use the discovery interface without an account, but saving search history, and other
...@@ -59,26 +59,28 @@ session related discovery tools requires an account. It is technically possible ...@@ -59,26 +59,28 @@ session related discovery tools requires an account. It is technically possible
dashboard. Although that has not been mentioned as a requirement and is probably a low priority, it might be dashboard. Although that has not been mentioned as a requirement and is probably a low priority, it might be
almost trivial to implement. almost trivial to implement.
### Tables of roles and user types ### Tables of privileges and roles
Every account will be in the "Researcher" role which has the same privileges as the general public, but with a Every account will be in the "Researcher" role which has the same privileges as the general public, but with a
TBD set of basic privileges including: search history, certain researcher reports. TBD set of basic privileges including: search history, certain researcher reports.
See the two tables "Role" and "User type" in the "DBUser API" documentation: See the two tables "Privilege" and "Role" in the "DBUser API" documentation:
[Role in Database User API](Requirements/DBUser API.md#roles) [Privilege table](Requirements/DBUser API.md#privilege_table)
Remember: institutional affiliation roles aren't all listed in the tables. There will be one institutional [Role table](Requirements/DBUser API.md#role_table)
affiliation role per institution. Users may have zero, one, or several institutional roles that define
insitutions with which the user is affiliated.
It is possible for an institutional administrator to also be a member of more than one Remember: institutional affiliation roles listed. Users may have zero, or one role that define insitutions
institution. Institutional Admins have abilities: with which the user is affiliated. Our current direction is not to support multiple institutional affiliations
because this creates many problems. User who have multiple affiliations need to have separate logins for each
affiliation.
Institutional Admins have abilities:
- view membership lists of their institution(s) - view membership lists of their institution(s)
- add or remove their instutional role for users. - add or remove their instutional role for users.
Roles which require one or more instutitutional roles (affiliation): Privileges which require and instutitutional affiliation:
- Block upload - Block upload
- Name authority - Name authority
......
...@@ -187,31 +187,43 @@ When command-login2 is true, the resulting worker might better be split into sev ...@@ -187,31 +187,43 @@ When command-login2 is true, the resulting worker might better be split into sev
Here command-unlock is split into tests and workers: unlock-constellation, if-error, redirect-dashboard, Here command-unlock is split into tests and workers: unlock-constellation, if-error, redirect-dashboard,
return-json. Alternatively, these 4 functions might all be inside a single worker. return-json. Alternatively, these 4 functions might all be inside a single worker.
Looking at this table you must keep in mind that this is the webUI, and "return" is "send data to web browser"
| state | test | worker | next-state | or "send data to web template". Unlock is change status from "currently editing" to "locked editing".
|--------+----------------------+------------------------------------------------------------+------------|
| start | empty-session | init-and-home | done | Things to do: change command-save-unlock to save-constellation then go to state unlock. In other words, create
| start | | non-empty-start-snac-session | do-cmd | granular workers, and use them as building blocks. Workers here are based on what happens in run() in
| do-cmd | command-login | destroy-session-and-redirect-home | done | WebUI.php.
| do-cmd | command-login2 | login-start-snac-session-serialize-user-redirect-dashboard | done |
| do-cmd | command-logout | logout-destroy-session-and-redirect-index | done |
| do-cmd | command-edit | display-edit-page | done | | state | test | worker | next-state |
| do-cmd | command-new | display-new-edit-page | done | |-----------------+----------------------+------------------------------------------------------------+-----------------|
| do-cmd | command-view | display-view-page | done | | start | empty-session | init-and-home | done |
| do-cmd | command-preview | display-preview-page | done | | start | | non-empty-start-snac-session | do-cmd |
| do-cmd | command-dashboard | display-dashboard | done | | do-cmd | command-login | destroy-session-and-redirect-home | done |
| do-cmd | command-profile | display-profile | done | | do-cmd | command-login2 | login-start-snac-session-serialize-user-redirect-dashboard | done |
| do-cmd | command-save | save-constellation-return-json | done | | do-cmd | command-logout | logout-destroy-session-and-redirect-index | done |
| do-cmd | command-save-unlock | save-unlock-return-json | done | | do-cmd | command-edit | display-edit-page | done |
| do-cmd | command-unlock | unlock-constellation | unlock | | do-cmd | command-new | display-new-edit-page | done |
| do-cmd | command-save-publish | save-publish-return-json | done | | do-cmd | command-view | display-view-page | done |
| do-cmd | command-publish | publish-return-json | done | | do-cmd | command-preview | display-preview-page | done |
| do-cmd | command-vocabulary | vocabulary-search-return-json | done | | do-cmd | command-dashboard | | dashboard |
| do-cmd | command-search | name-search-return-json | done | | do-cmd | command-profile | display-profile | done |
| do-cmd | | display-landing-page | done | | do-cmd | command-save-profile | save-profile | done |
| unlock | if-error | redirect-dashboard | done | | do-cmd | command-save | save-constellation | done |
| unlock | | return-json | done | | do-cmd | command-save-unlock | save-unlock | done |
| done | | exit | | | do-cmd | command-unlock | unlock-constellation | unlock |
| do-cmd | command-save-publish | save-publish | done |
| do-cmd | command-save-review | save-constellation | review |
| do-cmd | command-publish | publish | dashboard |
| do-cmd | command-vocabulary | vocabulary-search | done |
| do-cmd | command-search | name-search | done |
| do-cmd | | display-landing-page | done |
| unlock | if-error | redirect-dashboard | done |
| unlock | | return-json | done |
| review | | relock-to-reviewer | notify-reviewer |
| notify-reviewer | | notify-reviewer | dashboard |
| dashboard | | display-dashboard | done |
| done | | exit | |
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment