When did a workspace admin become a "data admin"?

Hi all,
In a separate thread Jody pointed to the documentation, asking me
if what I called a workspace admin is the same thing as what the documentation refers
to as a “data admin”.

The concept of a workspace administrator was introduced with GSIP-74 and is well used throughout the codebase to identify a user that has been given administrative access to one or more workspaces.

E.g.:
> ~/devel/git-gs/src (main) $ git grep -i workspaceadmin
community/taskmanager/core/bin/src/main/resources/applicationContext.xml:
community/taskmanager/core/src/main/resources/applicationContext.xml:
extension/geofence/geofence/src/main/java/org/geoserver/geofence/GeofenceAccessManager.java: boolean canAdmin = isWorkspaceAdmin(user, workspace.getName());
extension/geofence/geofence/src/main/java/org/geoserver/geofence/GeofenceAccessManager.java: private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
extension/metadata/src/main/resources/applicationContext.xml:
main/src/main/java/org/geoserver/security/ResourceAccessManager.java: default boolean isWorkspaceAdmin(Authentication user, Catalog catalog) {
main/src/main/java/org/geoserver/security/ResourceAccessManagerWrapper.java: public boolean isWorkspaceAdmin(Authentication user, Catalog catalog) {
main/src/main/java/org/geoserver/security/ResourceAccessManagerWrapper.java: return delegate.isWorkspaceAdmin(user, catalog);
main/src/test/java/org/geoserver/security/ResourceAccessManagerWrapperTest.java: public void isWorkspaceAdmin() {
main/src/test/java/org/geoserver/security/ResourceAccessManagerWrapperTest.java: wrapper.isWorkspaceAdmin(user, catalog);
main/src/test/java/org/geoserver/security/ResourceAccessManagerWrapperTest.java: verify(delegate, times(1)).isWorkspaceAdmin(user, catalog);
web/core/src/main/java/applicationContext.xml: <bean id="workspaceAdminAuthorizer"
web/core/src/main/java/applicationContext.xml:
web/core/src/main/java/applicationContext.xml:
web/core/src/main/java/applicationContext.xml:
web/core/src/main/java/applicationContext.xml:
web/core/src/main/java/org/geoserver/web/ComponentAuthorizer.java: static ComponentAuthorizer WORKSPACE_ADMIN = new WorkspaceAdminComponentAuthorizer();
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: * @see ResourceAccessManager#isWorkspaceAdmin(Authentication, Catalog)
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java:public class WorkspaceAdminComponentAuthorizer extends AdminComponentAuthorizer {
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: * Key to cache the result of {@link #isWorkspaceAdmin(Authentication)} on the request's {@link
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: static final String REQUEST_CONTEXT_CACHE_KEY = "WORKSPACEADMIN_COMPONENT_AUTHORIZER_VALUE";
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: Boolean workspaceAdmin = getCachedValue();
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: if (null == workspaceAdmin) {
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: workspaceAdmin = isWorkspaceAdmin(authentication);
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: setCachedValue(workspaceAdmin.booleanValue());
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: return workspaceAdmin;
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: boolean isWorkspaceAdmin(Authentication authentication) {
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: return null != manager && manager.isWorkspaceAdmin(authentication, getCatalog());
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: void setCachedValue(boolean workspaceAdmin) {
web/core/src/main/java/org/geoserver/web/WorkspaceAdminComponentAuthorizer.java: REQUEST_CONTEXT_CACHE_KEY, workspaceAdmin, RequestAttributes.SCOPE_REQUEST);
web/core/src/test/java/org/geoserver/web/WorkspaceAdminComponentAuthorizerTest.java:public class WorkspaceAdminComponentAuthorizerTest extends GeoServerWicketTestSupport {
web/core/src/test/java/org/geoserver/web/WorkspaceAdminComponentAuthorizerTest.java: private WorkspaceAdminComponentAuthorizer authorizer;
web/core/src/test/java/org/geoserver

It is however true that the documentation currently has a concept of a Data Admin… that I don’t remember hearing of before.
So I checked how this name came to be, and what I’ve found left me speechless and deeply upset.

Turns out the concept did not exist up until 7 months ago, when Jody introduced it in a pull request that
had an entirely different objective, “Produce context for use of environment variables and application properties”,
that landed on main and then was manually pushed to 2.25.x and 2.24.x.

For reference, here is a grep over the 2.23.x documentation, showing the concept did not exist back then:

~/devel/git-gs/doc/en (2.23.x) $ git grep -i "data admin"
user/source/webadmin/index.rst:*These pages are shown to administrators, and users that have data admin permissions.

To be fair, the documentation did not have an explicit naming of workspace administrators either, but the concept is well rooted in the code, as shown above.

Naming things is important. Introducing a random name in documentation with no discussion, as a side effect
of a pull request with a different scope, and making the user documentation inconsistent with the code is not the way to go.

I kindly request that the new term be backed out of the documentation and replaced with the one we have been using
since 2012 (at least code-wise), or at least that the new name be removed, as it conflicts with the code, creating confusion
in everyone that would try to contribute to GeoServer in the authorization subsystem.

1 Like

I have always called that content data admin when teaching with Boundless; this was the first time I heard of workspace admin, and I like the term.

Since supplying those credentials unlocks the data menu it was called a data admin.

Still, as workspace admin is the correct term, let’s update the docs; Boundless is not around to complain.

Checking history, this was in response to CVE-2023-41877, so communication was obfuscated until ready to disclose.

Please check [GEOS-11141] Change docs to workspace admin recommendation by jodygarnett · Pull Request #7996 · geoserver/geoserver · GitHub when you have a moment.