[GeoNetwork-devel] REPEATED CFV : Define more than one profile per user

Dear PSC,

Still looking forward to your votes ...

Regards.

Francois

2012/7/18 Francois Prunayre <fx.prunayre@anonymised.com>:

Hello Heikki,

2012/7/18 heikki <tropicano@anonymised.com>:

hi François,

does it mean that the authorization system is changed so that no longer each
role (administrator, editor, etc.) is a superset of another ?

No. "the profile in the users table is the main profile which means
the profile with the more privileges for the user according to Jeeves
user-profiles settings" but now when a user try to create/insert
metadata there is some extra check that the user :
* is at least an Editor (made by Jeeves as usual)
* is an Editor of that group (which was not the case - currently an
editor can create record in whatever group using the service and the
correct group id, see ticket #979 [1])
so a UserAdmin only will not be able to create a metadata record.

Francois

[1] http://trac.osgeo.org/geonetwork/ticket/979

Because as long as we have that, it seems pointless to be able to have 2
different roles in the same group.

Kind regards
Heikki Doeleman

On Wed, Jul 18, 2012 at 3:48 PM, Francois Prunayre <fx.prunayre@anonymised.com>
wrote:

Thanks for your feedback Jose,

2012/7/18 Jose Garcia <jose.garcia@anonymised.com>:
> Hi Francois
>
> The proposal seem good to me.
>
> Just a question, from the UI screenshot to maintain user information
> seem
> that is possible for a user have several profiles applied for same
> group?
> Not sure if better to restrict for each user 1 profile per group?
No you could be user admin in one group and also editor in the same group.
For example, if you're user admin only, you'll not be able to create a
metadata record, so in some cases, you need to have more than one
profile per group.

Francois

> Regards,
> Jose García
>
> On Thu, Jul 5, 2012 at 6:34 PM, Francois Prunayre
> <fx.prunayre@anonymised.com>
> wrote:
>>
>> Dear PSC,
>>
>> This proposal aims to add the capability to have more than one profile
>> for a user. Catalog users could be:
>> * administrator or
>> * user administrator and/or reviewer and/or editor and/or registered
>> user
>>
>> Thanks Ifremer for funding and Florent for testing.
>>
>> Looking forward to your votes.
>>
>> Regards
>>
>> Francois
>>
>> [1] http://trac.osgeo.org/geonetwork/wiki/proposals/UserProfileByGroup
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>> Discussions
>> will include endpoint security, mobile security and the latest in
>> malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> GeoNetwork-devel mailing list
>> GeoNetwork-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
>> GeoNetwork OpenSource is maintained at
>> http://sourceforge.net/projects/geonetwork
>
>
>
>
> --
> GeoCat Bridge for ArcGIS allows instant publishing of data and metadata
> on
> GeoServer and GeoNetwork. Visit http://geocat.net for details.
> _________________________
> Jose García
> GeoCat bv
> Veenderweg 13
> 6721 WD Bennekom
> The Netherlands
> http://GeoCat.net
>
>

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

Hi François,
Sorry for not having reviewed this earlier. The proposal is interesting and useful. At the same time it also seems fairly risky to me and I can't yet see the full impact on the system. You have described a number of changes that are required to keep the system working and I hope you covered all aspects :wink: So for me this will have a +1 vote for trunk (not for integration in a 2.8.x version since I would like to see a lot of testing first.
Cheers,
Jeroen

On 23 aug. 2012, at 14:50, Francois Prunayre wrote:

Dear PSC,

Still looking forward to your votes ...

Regards.

Francois

2012/7/18 Francois Prunayre <fx.prunayre@anonymised.com>:

Hello Heikki,

2012/7/18 heikki <tropicano@anonymised.com>:

hi François,

does it mean that the authorization system is changed so that no longer each
role (administrator, editor, etc.) is a superset of another ?

No. "the profile in the users table is the main profile which means
the profile with the more privileges for the user according to Jeeves
user-profiles settings" but now when a user try to create/insert
metadata there is some extra check that the user :
* is at least an Editor (made by Jeeves as usual)
* is an Editor of that group (which was not the case - currently an
editor can create record in whatever group using the service and the
correct group id, see ticket #979 [1])
so a UserAdmin only will not be able to create a metadata record.

Francois

[1] #979 (Privileges / Editor could create metadata in groups there are not member of) – GeoNetwork opensource Developer website

Because as long as we have that, it seems pointless to be able to have 2
different roles in the same group.

Kind regards
Heikki Doeleman

On Wed, Jul 18, 2012 at 3:48 PM, Francois Prunayre <fx.prunayre@anonymised.com.>
wrote:

Thanks for your feedback Jose,

2012/7/18 Jose Garcia <jose.garcia@anonymised.com>:

Hi Francois

The proposal seem good to me.

Just a question, from the UI screenshot to maintain user information
seem
that is possible for a user have several profiles applied for same
group?
Not sure if better to restrict for each user 1 profile per group?

No you could be user admin in one group and also editor in the same group.
For example, if you're user admin only, you'll not be able to create a
metadata record, so in some cases, you need to have more than one
profile per group.

Francois

Regards,
Jose García

On Thu, Jul 5, 2012 at 6:34 PM, Francois Prunayre
<fx.prunayre@anonymised.com>
wrote:

Dear PSC,

This proposal aims to add the capability to have more than one profile
for a user. Catalog users could be:
* administrator or
* user administrator and/or reviewer and/or editor and/or registered
user

Thanks Ifremer for funding and Florent for testing.

Looking forward to your votes.

Regards

Francois

[1] proposals/UserProfileByGroup – GeoNetwork opensource Developer website

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest in
malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

--
GeoCat Bridge for ArcGIS allows instant publishing of data and metadata
on
GeoServer and GeoNetwork. Visit http://geocat.net for details.
_________________________
Jose García
GeoCat bv
Veenderweg 13
6721 WD Bennekom
The Netherlands
http://GeoCat.net

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Hello Jeroen,

2012/8/23 Jeroen Ticheler <jeroen.ticheler@anonymised.com>:

Hi François,
Sorry for not having reviewed this earlier. The proposal is interesting and useful. At the same time it also seems fairly risky to me and I can't yet see the full impact on the system. You have described a number of changes that are required to keep the system working and I hope you covered all aspects :wink:

It's under test here in some nodes so I hope too !

So for me this will have a +1 vote for trunk (not for integration in a 2.8.x version since I would like to see a lot of testing first.

I agree with you to not push that to 2.8.x branches.

Thanks.

Francois

Cheers,
Jeroen

On 23 aug. 2012, at 14:50, Francois Prunayre wrote:

Dear PSC,

Still looking forward to your votes ...

Regards.

Francois

2012/7/18 Francois Prunayre <fx.prunayre@anonymised.com>:

Hello Heikki,

2012/7/18 heikki <tropicano@anonymised.com>:

hi François,

does it mean that the authorization system is changed so that no longer each
role (administrator, editor, etc.) is a superset of another ?

No. "the profile in the users table is the main profile which means
the profile with the more privileges for the user according to Jeeves
user-profiles settings" but now when a user try to create/insert
metadata there is some extra check that the user :
* is at least an Editor (made by Jeeves as usual)
* is an Editor of that group (which was not the case - currently an
editor can create record in whatever group using the service and the
correct group id, see ticket #979 [1])
so a UserAdmin only will not be able to create a metadata record.

Francois

[1] http://trac.osgeo.org/geonetwork/ticket/979

Because as long as we have that, it seems pointless to be able to have 2
different roles in the same group.

Kind regards
Heikki Doeleman

On Wed, Jul 18, 2012 at 3:48 PM, Francois Prunayre <fx.prunayre@anonymised.com..>
wrote:

Thanks for your feedback Jose,

2012/7/18 Jose Garcia <jose.garcia@anonymised.com>:

Hi Francois

The proposal seem good to me.

Just a question, from the UI screenshot to maintain user information
seem
that is possible for a user have several profiles applied for same
group?
Not sure if better to restrict for each user 1 profile per group?

No you could be user admin in one group and also editor in the same group.
For example, if you're user admin only, you'll not be able to create a
metadata record, so in some cases, you need to have more than one
profile per group.

Francois

Regards,
Jose García

On Thu, Jul 5, 2012 at 6:34 PM, Francois Prunayre
<fx.prunayre@anonymised.com>
wrote:

Dear PSC,

This proposal aims to add the capability to have more than one profile
for a user. Catalog users could be:
* administrator or
* user administrator and/or reviewer and/or editor and/or registered
user

Thanks Ifremer for funding and Florent for testing.

Looking forward to your votes.

Regards

Francois

[1] http://trac.osgeo.org/geonetwork/wiki/proposals/UserProfileByGroup

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Discussions
will include endpoint security, mobile security and the latest in
malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

--
GeoCat Bridge for ArcGIS allows instant publishing of data and metadata
on
GeoServer and GeoNetwork. Visit http://geocat.net for details.
_________________________
Jose García
GeoCat bv
Veenderweg 13
6721 WD Bennekom
The Netherlands
http://GeoCat.net

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork