Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Harvested resource permissions assignment must follow the same logic as uploaded resources #301

Closed
giohappy opened this issue Jul 5, 2021 · 7 comments
Closed

Harvested resource permissions assignment must follow the same logic as uploaded resources #301

giohappy opened this issue Jul 5, 2021 · 7 comments
Assignees
@ricardogsilva @meomancer
Labels
Harvester

Comments

@giohappy
Copy link
Contributor

giohappy commented Jul 5, 2021

From my tests it looks like visibility and download grants of resources created from harvestable resources are not assigned to anonymous users.
I expect the permissions for this resoruces to follow the same logic as uploaded resources. I suspect that the harvester is doing more then what it's asked to do. Default permission assignments should be performed by the resource manager.

@ricardogsilva can you please check this behaviour?
@ricardogsilva
Copy link
Contributor

I added the default_access_permissions attribute to the Harvester model for this very purpose. The default value just assigns the following perms to harvested resources:

{
    "AnonymousUser": ["view"]
}

Maybe this is not working as expected? I haven't really checked this through yet. I will check in what way this diverges from the uploaded resources and fix

@giohappy
Copy link
Contributor Author

giohappy commented Jul 5, 2021
edited
Loading

Please check with @afabiani. IMHO the default behaviour should be to not set any specific permissions and let the resource manager assign the default ones. If on the other side specific permissions are requested by the harvester the resource manager should apply them.

@ricardogsilva
Copy link
Contributor

@giohappy to me it seems logical that the harvester configuration would allow setting the default access permissions for harvested resources. I'm also not aware of how the resource manager can be configured in order to specify default access permissions - perhaps there is a django setting for this?

In any case, IMO it would be useful to control access permissions for harvested resources depending on each harvester.

I'm assigning this task to @meomancer. Let's proceed as you suggest, by deferring the decision on which default access permissions to set on harvested resources to the resource manager - but maybe ponder a bit on this comment, and if you find that it makes sense, please provide different instructions

@giohappy
Copy link
Contributor Author

giohappy commented Jul 7, 2021

@ricardogsilva I agree that having a way to assign resource permissions actively is important. But GeoNode implements its own logic for default permissions, so I think taht BY DEFAULT the harvester shouldn't have to set them. However, if it sets them the RM should obey.

@afabiani does the RM provide the options to set the permissions (create, ingest, update methods, etc.)?

@afabiani
Copy link
Member

afabiani commented Jul 7, 2021

@giohappy there's a set_permission specific method to do that.

This was referenced Jul 8, 2021
Closed
Merged
Closed
@meomancer
Copy link
Contributor

Could we close this @ricardogsilva ?

@ricardogsilva
Copy link
Contributor

sure, thanks for your work @meomancer!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ricardogsilva ricardogsilva

@meomancer meomancer

Labels
Harvester
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@giohappy @ricardogsilva @afabiani @meomancer