-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter cohorts and concepts but read permissions - penultimate draft pull request #2297
Filter cohorts and concepts but read permissions - penultimate draft pull request #2297
Conversation
…a user only sees what their role has permission to read. This initial commit has a big issue in that a person who authors a conceptset cannot see the concept set unless a new permission is added. To be fixed.
…i-ohdsi/WebAPI into filter_cohorts_and_concepts
merging upstream
…n used to tell the WebAPI to do filtering based on READ permissions. The new property is called security.defaultGlobalReadPermissions
…n used to tell the WebAPI to do filtering based on READ permissions. The new property is called security.defaultGlobalReadPermissions
… on getting the cohortdefinition filtering to work. Still need to fix the case where another user grants read permission to a single cohort definition to another user and then that definition is visible. Currently, somehow, all definitions authored by the granting user are showing in the grantee's Atlas. Once worked out, the task will be to repeat the steps for every one of the following files: src/main/java/org/ohdsi/webapi/security/model/CohortCharacterizationPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/CohortDefinitionPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/ConceptSetPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/EstimationPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/FeatureAnalysisPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/IncidenceRatePermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/PathwayAnalysisPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/PredictionPermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/ReusablePermissionSchema.java src/main/java/org/ohdsi/webapi/security/model/TagPermissionSchema.java
… apply the concept filtering to other artifact types
…efinitions. Tests OK
…D permissions - tested and not working completely. Strange permissions issue that appears to be entirely client-side.
This updated draft pull request implements the READ permissions filtering across all the following applications in Atlas:
Of the above, Prediction is still having issues in testing but it seems to be on the Atlas client side. I am submitting this draft so that code review can occur while I work out the issue and do a bit more testing. NOTE: These changes will need to come with a new system role that the admins could select which I am calling the 'Read Restricted Atlas User' role. I think the following query could be the basis for adding SQL to flyway to create this role:
|
This is closed because the update should have happened on draft pull request 2245 |
Now filtering works for concept sets and cohort definitions. Wanted to check if this is going ok and then discuss if we should keep going for all of the other applications now or do the rest for 2.15 release. Also, need to discuss where revised system permission should go (i.e., in the release code or just instructions).