ESciDoc User Account Filter

From MPDLMediaWiki
Jump to navigation Jump to search

Filter for Users, Privileges and Roles[edit]

General Concept[edit]

  • We need the possibility to filter for users, roles and scopes of roles.

Requirements[edit]

  • retrieve list of objects for which user has been granted with role X
  • retrieve list of roles which user has been granted on item/container X
    • the latter shall return also the roles which are granted to the context of item/container X
  • retrieve list of users that have grant on object X

Realization[edit]

We need a new interface-method in the user-account-handler that takes a filter-parameter that can contain:

  • One or more userIds
  • One or more roleIds
  • One or more objectIds
--Natasa 15:24, 17 February 2009 (UTC)Proposal MPDL in addition:
  • Revocation-date-from
  • Revocation-date-to
  • granted-date-from
  • granted-date-to
  • creator-id
  • revoker-id
  • i.e. any parameter (with exception of grant/revocation remarks) in role-grant table that is used at present (in case of dates with from/to parameters)--Natasa 15:24, 17 February 2009 (UTC)

Result will be an xml that contains a list of grants .

for us it is acceptable to have the complete records from the role-grant table that satisfy the filter criteria--Natasa 15:24, 17 February 2009 (UTC)

The userIds/roleIds/objectIds... delivered by the filter are concatenated with and.

The list of same id-types delivered by the filter are concatenated with or.

Example: filter contains 2 userIds and 2 roleIds. This results in:

(userId=user1 or userId=user2) and (roleId=role1 or roleId=role2)

XML[edit]

Structure of the filter-xml[edit]

<param>

<filter name="userId">escidoc:user2312</filter>

<filter name="groupId">escidoc:group2312</filter>

<filter name="roleId">escidoc:role2312</filter>

<filter name="objectId">escidoc:item2312</filter>

<filter name="status">active</filter>

<filter name="revocationDateFrom">1980-01-28T07:00:00.000+01:00</filter>

<filter name="revocationDateTo">2009-01-28T07:00:00.000+01:00</filter>

<filter name="grantedDateFrom">1980-01-28T07:00:00.000+01:00</filter>

<filter name="grantedDateTo">2009-01-28T07:00:00.000+01:00</filter>

<filter name="creatorId">escidoc:item2312</filter>

<filter name="revokerId">escidoc:item2312</filter> </param>

Structure of the result-xml[edit]

list of grants accourding to grants-schema is returned Implementation needs a schema-change of grants-schema: -grants-schema doesnt contain id of user/group. We need to add element userId and element groupId for the new filter-function -add new root-element grant-list to grants-schema

NOTE: grant-schema is used by the following methods of the user-account-handler: -createGrant -retrieveCurrentGrants -retrieveGrant

Questions + Remarks[edit]

  • Should we additionally allow providing the name of the role in the filter instead of the id?
As we agreed on today's video conference it should only be the role-id