[GeoNetwork-devel] About metadata insert permissions (diffs with Import metadata and CSW-T Insert)

Hi

Here are some tests on the permissions set when using metadata import and CSW-Transaction Insert. There are some differences that I think should be unified. Please, if you can, check and give your opinion:

Users: editor1 and editor2 in same group

1) Import metadata with editor1

All permissions set for user group

1.1) editor1 can edit and delete it

1.2) editor2 can edit, but not delete (a check to display the Delete button only for the owner prevents the button from being shown).

But calling the metadata.delete service by URL for the metadata succeeds. This seems incoherent; I think any user in the same group should be able to delete it, or at least the service should be protected to check the owner.

I agree.

2) CSW-T with editor1

No permissions set.

2.1) editor1 can edit and delete it

2.2) editor2 cannot even display it in GeoNetwork or using a GetRecordById request

I think we should add the same permissions as in the previous point (all permissions for the user group)

I agree again, one question. In normal import and create (non-csw) one can define the group to add the metadata to. How is this controlled with CSW-T?

3) CSW-T with editor1 with Inserted metadata is public (Transaction) enabled

Permissions set to view for group ALL (as per previous setting)

3.1) editor1 can edit and delete it

3.2) editor2 can display it, but can’t edit/delete it in GeoNetwork

3.3) editor2 can edit with CSW, but can not delete it

I think we should add these permissions: view for group ALL and also all permissions for the user group

Again I agree.

Hi Jesse

Thanks for the feedback; let’s see if other developers provide additional feedback, and we will manage to unify all these permissions.

Regarding CSW-T and the assigned owner group, sure, it’s not possible to set it in the CSW request. What is done in the code now is to use the first group of the user as the metadata owner group. Not perfect, but better than older versions of GeoNetwork, which assigned the Sample group.

Regards,
Jose García

On Wed, Oct 24, 2012 at 9:40 AM, Jesse Eichar <jesse.eichar@anonymised.com> wrote:





Jose García
GeoCat bv
Veenderweg 13
6721 WD Bennekom
The Netherlands
http://GeoCat.net

Hi,

2012/10/24 Jesse Eichar <jesse.eichar@anonymised.com>:

Hi

Here are some tests on the permissions set when using metadata import and
CSW-Transaction Insert. There are some differences that I think should be
unified. Please, if you can, check and give your opinion:

Users: editor1 and editor2 in same group

1) Import metadata with editor1

All permissions set for user group

Here I think we should provide options to only set permissions to the
editor or to all members of the "groupOwner" (which is the group
selected on creation).

1.1) editor1 can edit and delete it

1.2) editor2 can edit, but not delete (a check to display the Delete button
only for the owner prevents the button from being shown).

But calling the metadata.delete service by URL for the metadata succeeds. This
seems incoherent; I think any user in the same group should be able to delete it,

I agree for any user in same group with editing privilege

or at least the service should be protected to check the owner.

I agree.

2) CSW-T with editor1

No permissions set.

2.1) editor1 can edit and delete it

2.2) editor2 cannot even display it in GeoNetwork or using a GetRecordById
request

I think we should add the same permissions as in the previous point (all permissions
for the user group)

I agree again, one question. In normal import and create (non-csw) one can
define the group to add the metadata to. How is this controlled with CSW-T?

I don't think it is.
CSW-T does not define anything about permissions and is not aware of
groups, so a CSW-T client should probably use the privileges services
to do what they want. We could define a default behavior but it will
never match all use cases.

Cheers

Francois

3) CSW-T with editor1 with Inserted metadata is public (Transaction)
enabled

Permissions set to view for group ALL (as per previous setting)

3.1) editor1 can edit and delete it

3.2) editor2 can display it, but can't edit/delete it in GeoNetwork

3.3) editor2 can edit with CSW, but can not delete it

I think we should add these permissions: view for group ALL and also all
permissions for the user group

Again I agree.
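
The unification discussed in this thread, sketched as an added example (not GeoNetwork code and not written by any of the posters): import and CSW-T Insert share one set of default privileges, and the Delete button and the delete service call the same check, so hiding the button is never the only protection. The operation names, the `GROUPS` sample data and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ALL = "ALL"                    # pseudo-group: every user
OPS = ("view", "editing")      # simplified operation set (assumption)
# Constructed sample users; editor1 and editor2 share a group as in the thread.
GROUPS = {"editor1": ["g1"], "editor2": ["g1"], "editor3": ["g2"]}

@dataclass
class Record:
    owner: str
    group_owner: str
    privileges: dict = field(default_factory=dict)   # group -> set of operations

def insert(user, public=False, groups=GROUPS):
    """One insert path for import and CSW-T Insert, so defaults cannot diverge."""
    group = groups[user][0]    # first group of the user, as described for CSW-T
    privileges = {group: set(OPS)}          # all permissions for the owner group
    if public:                              # "Inserted metadata is public" enabled
        privileges[ALL] = {"view"}
    return Record(user, group, privileges)

def allowed(user, op, record, groups=GROUPS):
    """Single decision point shared by the UI, the services and CSW."""
    if user == record.owner:
        return True
    member_of = set(groups.get(user, ())) | {ALL}
    return any(op in record.privileges.get(g, ()) for g in member_of)

def can_delete(user, record, groups=GROUPS):
    # Owner, or any group member holding the editing privilege.
    return allowed(user, "editing", record, groups)

def show_delete_button(user, record):
    return can_delete(user, record)         # UI hint only, never the enforcement

def delete_service(user, record, catalog):
    """Server-side enforcement: the same check runs even if the button was hidden."""
    if not can_delete(user, record):
        raise PermissionError(f"{user} may not delete this record")
    catalog.remove(record)
    return True
```
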