Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VIVO-206: Implement statement-level authorization control on PrimitiveDelete #1898

Closed
chenejac opened this issue Jul 16, 2013 · 0 comments · Fixed by vivo-project/Vitro#398
Closed

VIVO-206: Implement statement-level authorization control on PrimitiveDelete #1898

chenejac opened this issue Jul 16, 2013 · 0 comments · Fixed by vivo-project/Vitro#398
Labels
Authentication; Authorization; and Security Improvement Jira Major Open

Comments

@chenejac
Copy link
Contributor

Jim Blake (Migrated from VIVO-206) said:

Moved from https://issues.library.cornell.edu/browse/NIHVIVO-2722
created 6/17/2011

Call PolicyHelper to check whether the user is authorized to delete this Individual.

I can easily check to see whether the user is authorized to delete an Individual, but according to current policy:
a self-editor is authorized to delete any Individual that is not in a restricted namespace,
a curator, editor or dba is not authorized to delete any Individual.

I'm guessing that's not the policy we want. Any thoughts?

Jim
Rebecca Younes (account no longer used) added a comment - 17/Jun/11 5:18 PM
Not sure what "current" policy means - that was not the policy in 1.2, or the authorship deletion wouldn't have worked. Off the top of my head, I'd say that anyone who can edit an individual can delete a context node associated with that individual. Deletion of non-context node individuals is harder, but certainly a dba should be able to do it.
Jim Blake added a comment - 21/Jun/11 5:00 PM
What should be the policy for deleting Individuals?

Rebecca suggests that I should be able to delete a context node associated with any Individual whose properties I can edit. Does that make sense? How would I determine that?

What about deleting other types of Individuals?
Jim Blake added a comment - 22/Jun/11 2:42 PM
Sorry if I was unclear.

What I described was indeed the policy as encoded in 1.2, but our servlets didn't check the policy. They just performed the action for anyone who requested it.

If we are going to check authorization, we will want to change that policy.
Brian Caruso added a comment - 22/Jun/11 4:03 PM
Options for delete:

A) An individualXYZ can delete individualABC if there is a statement of individualXYZ ?pred individualABC where ?pred is in some list of predicates.

B) Deleting an individual is really just deleting all statements where the individual is in the subject or object position. Maybe just make a list of those statements and check the policy if those statements can be deleted?

C) Considering that deleting an individual is really just deleting all statements where the individual is in the subject or object position, change the API so that there is no "delete individual" action and maybe just have helper method that works like option B.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Authentication; Authorization; and Security Improvement Jira Major Open
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Attribute based access control implementation litvinovg/Vitro
2 participants
@j2blake @chenejac