Mark resources and values as deleted, and check permissions on links #186
Conversation
- Refactor some code for the context query in the resources responder.
- Fix link deletion.
- Rename all 'rapierPath' to 'knoraApiPath.
- Distinguish between the 'anything' test user and the root user.
|
Great, you fixed the bug that on value deletion some strange value IRI was written back in the response. Now it is the same as the one that was sent in the original request. Hpwever, I do not fully understand the documention for the parameter id for
How can there be a new version of that value be returned when it has been deleted just now? Concurrency? |
|
I have just found a bug in |
|
I added a fix to correctly URL encode IRIs for the delete request |
This is explained in the design documentation:
|
This wasn't a bug. Please read the description of this pull request above, paying special attention to this sentence:
|
|
The old behaviour was also documented:
|
|
Ok, now I understand why in the case of a link a new version has to be created. Could you please add a sentence to the documentation for |
| @@ -972,9 +972,7 @@ | |||
|
|
|||
| rdfs:subPropertyOf :systemProperty ; | |||
|
|
|||
| rdfs:comment "Indicates when a resource was deleted"@en ; | |||
|
|
|||
| :subjectClassConstraint :Resource ; | |||
There was a problem hiding this comment.
Did you remove the constraint because this can apply to a resource and/or a value?
|
I do have a problem of understanding regarding the deletion of LinkValues. The following code ist from ValuesResponderV1.scala: case linkValue: LinkValueV1 =>
// It's a LinkValue. Make a new version of it with a reference count of 0, and mark the new
// version as deleted.
val linkPropertyIri = knoraIriUtil.linkValuePropertyIri2LinkPropertyIri(findResourceWithValueResult.propertyIri)
for {
sparqlTemplateLinkUpdate <- decrementLinkValue(
sourceResourceIri = findResourceWithValueResult.resourceIri,
linkPropertyIri = linkPropertyIri,
removedTargetResourceIri = linkValue.objectIri,
userProfile = deleteValueRequest.userProfile
)
sparqlUpdate = queries.sparql.v1.txt.deleteLink(
dataNamedGraph = settings.projectNamedGraphs(findResourceWithValueResult.projectIri).data,
triplestore = settings.triplestoreType,
linkSourceIri = findResourceWithValueResult.resourceIri,
linkUpdate = sparqlTemplateLinkUpdate,
maybeComment = deleteValueRequest.deleteComment
).toString()
} yield (sparqlUpdate, sparqlTemplateLinkUpdate.newLinkValueIri)What happens if the direct link has a reference count of 2? Then it only should be decremented to 1, but the direct link should not be deleted, right? This is how I understand this line: But in the template So in our example that would be |
This, too, is explained in
|
|
See also the documentation in
|
|
ok, so only a TextValue's standofflinks could create a ref count > 1. in decrementLinkValue, I found the following comment: Isn't this misleading? Of course there is "already a link". It is the one that you attempt to delete. |
|
That's in a match-case expression that looks at the result of a SPARQL query to get the details of the link. The link should exist, but if it doesn't, the query result will be |
|
Wouldn't it be better to say that you found what you expected in the first case? |
|
Ok, I see now what |
|
I'm going to keep working on #182. It also just occurred to me that the resource context query doesn't check permissions on |
benjamingeer
changed the title
|
Ok, I will try to finish the review of this pull request by tomorrow. If you have time could you have a look at #101 (comment)? Thx. |
|
No need to review this again yet, because #182 is going to take a lot more work. |
- Require valueHasString on knora-base:Value.
|
The main things that have changed since this pull request was last reviewed:
The resources responder still doesn't check permissions on link values for So I think this pull request is ready for review again. |
|
I've implemented #196: the permissions of each resource or value are now stored in a single triple, using the datatype property |
|
Since permission checking is now much faster, I added permission checking on link values for |
|
I have a question regarding permission checking of incoming links. In However, in case of a standoff link, the owner is the SystemUser (hasStandoffLinkToValue). So what would happen in that case? Would that case have to treated specially here?
If I get this right, standoff links should always be displayed. However, the user might not be able to see the underlying TextValue that gives the link semantics. |
|
The new way of representing permissions required the test data to be changed. I will have to do that for the BEOL test server. What would be the easiest way to do that? I can make a dump, change the data and load it back in. |
Yes, it's treated specially. To see a standoff link, the user only needs permission to see the source and target resources. This is documented in "To view a link between resources, a user needs permission to view the source and target resources. He also needs permission to view the And in section 4.1.3 ( "Link values created automatically for resource references in standoff are automatically visible to all users, as long as they have permission to see the source and target resources." This special case is implemented in
I wrote a program to change the test data. The test data on the The first argument currently has to be |
|
got it: Regrading permissions: Great, I will try to run the program with he beol data |
|
You refactored search so only one query is done (before, we had separate queries for paging and the actual results). Now, search results may be filtered out if the user has no permissions to see them (changing the number of search results). Does this get us into trouble somehow? I do not remember the reason, but we designed the query so we could do the counting directly on the basis of the results returned by the triplestore. |
|
The previous design relied on the triplestore to do counting and paging. The SPARQL had to count and return one row per matching resource so the OFFSET and LIMIT would be correct for paging. The revised design does all the counting and paging in Scala, so it's fine if the SPARQL returns more than one row per matching resource. |
* feature (consistency): Simplify consistency checking rules. - Allow a required property to have only a value marked as deleted. - Rename properties used in knora-base for consistency checking to make them clearer. - Add comments. * feature (store): Add consistency check optimisations suggested by Ontotext. - Update GraphdBConsistencyCheckingSpec to test the new consistency checking rules. - Add missing cardinalities for hasStandoffLinkTo and hasStandoffLinkToValue to knora-base:Resource, and update test data accordingly. * docs: Add documentation for optimised GraphDB consistency rules. * feature (store): Adjust scripts and configuration for GraphDB 7.0.3. * test: Add test for property with no cardinality. * fix (webapi): Redesign value deletion as per #63. * feature (webapi): Implement resource deletion. - Refactor some code for the context query in the resources responder. * feature (webapi): Add test for resource deletion (#132). - Fix link deletion. * docs: Update docs about deletion. * feature (webapi): Add an E2E test for deleting a resource. - Rename all 'rapierPath' to 'knoraApiPath. * test: Add E2E tests for creating and deleting values. - Distinguish between the 'anything' test user and the root user. * test: Add E2E tests for changing and deleting more value types. * fix (exclude deleted resources from extended search): check for deleted flag * fix (URL encode IRIs): URL encode IRIs for delete request * feature (webapi): WIP for pull request #186. * feature (webapi): WIP for pull request #186. * fix (webapi): Check permissions on LinkValues for incoming links (issue #88). - Always grant view permission on LinkValues for hasStandoffLinkTo. - Refactor link querying in ValuesResponderV1. - Use ?prop and ?obj in SPARQL rather than ?p and ?o, for consistency and code reuse. * doc: Update various things in knora-base.tex. - Describe the new deleting design. - Describe the SystemUser. - Remove ideas about future standoff development that are obsolete in the new standoff design. - Make the \issue{} command point to GitHub issues. * docs: Clarify permissions on standoff links in knora-base.tex. * style (webapi): Add comments to clarify value creation in a new resource. * test: Add test for deleting two text values containing the same standoff resource reference. * test: Add tests of permission-checking on incoming and outgoing links (issues #88 and #89). * fix (webapi): Fix permission checking on outgoing links. * style (webapi): Correct comments and variable names. * fix (webapi): Check permissions on values in results of extended search. - Require valueHasString on knora-base:Value. * test: Remove incorrect test data (issue #17). * fix (webapi): Check permissions on values in results of full-text search. * style (webapi): Use IRI instead of String. * style (webapi): Reformat code. * feature (store): Update config and scripts for GraphDB 7 running as a stand-alone server. * test: Fix some test data. * docs: Update knora-base.tex. * docs: Update consistency checking doc. * fix (ontologies): Add missing rdfs:subPropertyOf :objectCannotBeMarkedAsDeleted for consistency checking. * feature (webapi): Add check for missing cardinalities in values. * test: Fix typo. * test: Add an extended search test with three criteria to check performance. * feature (webapi): Store permissions in a single triple for more efficent queries (#196) * feature (webapi): Check permissions in context query. * feature (webapi): Check permissions in context query. * docs: Clarify requirements regarding use of subjectClassConstraint and objectClassConstraint. * docs (typos) - it is an honour for me to fix your typos * docs: Clarify the syntax of inference and consistency rules.
The code for marking resources and values as deleted was incomplete and incorrect, so this is a reimplementation.
Previously, we had to make a new version of a value to mark it as deleted. Now this is necessary only for
LinkValue(because its reference count has to be decremented to 0 first).All resources and values that are marked as deleted now have a
deleteDateas well asisDeleted true.I implemented permission-checking on link values in the resources responder and the search responder.
Permissions are now stored in a single string literal as per #196, using the datatype property
knora-base:hasPermissions. The format of this literal is documented inknora-base.tex.I've also refactored some things in the resources responder, the values responder, and the routes and tests, and added comments.
Closes #53: When a
TextValuecontaining standoff links is deleted, decrement the links' reference counts.Closes #88: What permissions should a
LinkValuefor a standoff link have?Closes #89: Permissions on links are not checked correctly.
Closes #132: Delete a resource.
Closes #182: Handle Permissions on Properties correctly when searching.
Closes #196: Store permissions in a single triple for more efficient queries.