Datasets Authoorization
CASL ability actions
This is the list of the permissions methods available for datasets and all their endpoints
Endpoint authorization
- DatasetCreate
- DatasetRead
- DatasetUpdate
- DatasetDelete
- DatasetAttachmentCreate
- DatasetAttachmentRead
- DatasetAttachmentUpdate
- DatasetAttachmentDelete
- DatasetOrigdatablockCreate
- DatasetOrigdatablockRead
- DatasetOrigdatablockUpdate
- DatasetOrigdatablockDelete
- DatasetDatablockCreate
- DatasetDatablockRead
- DatasetDatablockUpdate
- DatasetDatablockDelete
- DatasetLogbookRead
Instance authorization
- DatasetCreateOwnerNoPid
- DatasetCreateOwnerWithPid
- DatasetCreateAny
- DatasetReadManyPublic
- DatasetReadManyAccess
- DatasetReadManyOwner
- DatasetReadOnePublic
- DatasetReadOneAccess
- DatasetReadOneOwner
- DatasetReadAny
- DatasetUpdateOwner
- DatasetUpdateAny
- DetasetDeleteOwner
- DatasetDeleteAny
- DatasetAttachmentCreateOwner
- DatasetAttachmentCreateAny
- DatasetAttachmentReadPublic
- DatasetAttachmentReadAccess
- DatasetAttachmentReadOwner
- DatasetAttachmentReadAny
- DatasetAtatchementUpdateOwner
- DatasetAtatchementUpdateAny
- DatasetAttachmentDeleteOwner
- DatasetAttachmentDeleteAny
- DatasetOrigdatablockCreateOwner
- DatasetOrigdatablockCreateAny
- DatasetOrigdatablockReadPublic
- DatasetOrigdatablockReadAccess
- DatasetOrigdatablockReadOwner
- DatasetOrigdatablockReadAny
- DatasetOrigdatablockUpdateOwner
- DatasetOrigdatablockUpdateAny
- DatasetOrigdatablockDeleteAny
- DatasetDatablockCreateOwner
- DatasetDatablockCreateAny
- DatasetDatablockReadPublic
- DatasetDatablockReadAccess
- DatasetDatablockReadOwner
- DatasetDatablockReadAny
- DatasetDatablockUpdateOwner
- DatasetDatablockUpdateAny
- DatasetDatablockDeleteOwner
- DatasetDatablockDeleteAny
- DatasetLogbookReadOwner
- DatasetLogbookReadAny
Implementation
How the different level of authorization translates in data condition applied byt he backend.
- * Public
- isPublished = true
- * Access (condition ar applied in logical or)
- isPublished = true
- ownerGroup is one of the groups that the user belongs
- accessGroups are one of the groups that the user belongs
- sharedWith contains the user's email
- * Owner
- ownerGroup is one of the groups that the user belongs
- * Any
- User can perform the action to any dataset
Priority
%%{init: {'theme' : 'base', 'themeVariables': { 'fontSize': '11px', 'fontFamily' : 'monospace'}}}%%
graph LR;
DatasetCreate-->DatasetCreateOwnerNoPid;
DatasetCreateOwnerNoPid-->DatasetCreateOwnerWithPid;
DatasetCreateOwnerWithPid-->DatasetCreateAny;
DatasetRead-->DatasetReadManyPublic;
DatasetReadManyPublic-->DatasetReadManyAccess;
DatasetReadManyAccess-->DatasetReadManyOwner;
DatasetReadManyOwner-->DatasetReadAny;
DatasetRead-->DatasetReadOnePublic;
DatasetReadOnePublic-->DatasetReadOneAccess;
DatasetReadOneAccess-->DatasetReadOneOwner;
DatasetReadOneOwner-->DatasetReadAny;
DatasetUpdate-->DatasetUpdateOwner;
DatasetUpdateOwner-->DatasetUpdateAny;
DatasetDelete-->DatasetDeleteOwner;
DatasetDeleteOwner-->DatasetDeleteAny;
Authorization table
| HTTP method | Endpoint | Endpoint Authorization | Anonymous | Authenticated User | Create Dataset Groups | Create Dataset with Pid Groups | Create Dataset Privileged Groups | Admin Groups | Delete Groups | Notes |
|---|---|---|---|---|---|---|---|---|---|---|
| POST | Datasets | DatasetCreate | no | no | Owner, w/o PID DatasetCreateOwnerNoPid |
Owner, w/ PID DatasetCreateOwnerWithPid |
Any DatasetCreateAny |
Any DatasetCreateAny |
no | |
| POST | Datasets/isValid | DatasetCreate | no | no | Owner, w/o PID DatasetCreateOwnerNoPid |
Owner, W/ PID DatasetCreateOwnerWithPid |
Any DatasetCreateAny |
Any DatasetCreateAny |
no | |
| GET | Datasets | DatasetRead | Public DatasetReadPublic |
Has Access DatasetReadAccess |
Has Access DatasetReadAccess |
Has Access DatasetReadAccess |
Has Access DatasetReadAccess |
Any DatasetReadyAny |
no | |
| GET | Datasets/fullquery | DatasetRead | Public DatasetReadManyPublic |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Any DatasetReadAny |
no | |
| GET | Datasets/fullfacet | DatasetRead | Public DatasetReadManyPublic |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Any DatasetReadAny |
no | |
| GET | Datasets/metadataKeys | DatasetRead | Public DatasetReadManyPublic |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Any DatasetReadAny |
no | |
| GET | Datasets/count | DatasetRead | Public DatasetReadManyPublic |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Has Access DatasetReadManyAccess |
Any DatasetReadAny |
no | |
| GET | Datasets/findOne | DatasetRead | Public DatasetReadOnePublic |
Has Access DatasetReadOneAccess |
Has Access DatasetReadOneAccess |
Has Access DatasetReadOneAccess |
Has Access DatasetReadOneAccess |
Any DatasetReadAny |
no | |
| GET | Datasets/pid | DatasetRead | Public DatasetReadOnePublic |
Has Access DatasetReadOneAccess |
Has Access DatasetReadOneAccess |
Has Access DatasetReadOneAccess |
Has Access DatasetReadOneAccess |
Any DatasetReadAny |
no | |
| PATCH | Datasets/pid | DatasetUpdate | no | no | Owner DatasetUpdateOwner |
Owner DatasetUpdateOwner |
Owner DatasetUpdateOwner |
Any DatasetUpdateAny |
no | |
| PUT | Datasets/pid | DatasetUpdate | no | no | Owner DatasetUpdateOwner |
Owner DatasetUpdateOwner |
Owner DatasetUpdateOwner |
Any DatasetUpdateAny |
no | |
| POST | Datasets/pid/appendToArrayField | DatasetUpdate | no | no | Owner DatasetUpdateOwner |
Owner DatasetUpdateOwner |
Owner DatasetUpdateOwner |
Any DatasetUpdateAny |
no | |
| DELETE | Datasets/pid | DatasetDelete | no | no | no | no | no | no | Any DatasetDeleteAny |
|
| GET | Datasets/pid/thumbnail | DatasetRead | Public DatasetReadPublic |
Has Access DatasetReadAccess |
Has Access DatasetReadAccess |
Has Access DatasetReadAccess |
Has Access DatasetReadAccess |
Any DatasetReadAny |
no | |
| POST | Datasets/pid/attachments | DatasetAttachmentCreate | no | no | Owner DatasetAttachmentCreateOwner |
Owner DatasetAttachmentCreateOwner |
Any DatasetAttachmentCreateAny |
Any DatasetAttachmentCreateAny |
no | |
| GET | Datasets/pid/attachments | DatasetAttachmemntRead | Public DatasetAttachmentReadPublic |
Has Access DatasetAttachmentReadAccess |
Has Access DatasetAttachmentReadAccess |
Has Access DatasetAttachmentReadAccess |
Has Access DatasetAttachmentReadAccess |
Any DatasetAttachmentReadAny |
no | |
| PUT | Datasets/pid/attachments/aid | DatasetAttachmemntUpdate | no | no | Owner DatasetAttachmentUpdateOwner |
Owner DatasetAttachmentUpdateOwner |
Owner DatasetAttachmentUpdateOwner |
Any DatasetAttachmentCreateAny |
no | |
| DELETE | Datasets/pid/attachments/aid | DatasetAttachmemntDelete | no | no | Owner DatasetAttachmentDeleteOwner |
Owner DatasetAttachmentDeleteOwner |
Owner DatasetAttachmentDeleteOwner |
Any DatasetAttachmentDeleteAny |
no | |
| POST | Datasets/pid/origdatablocks | DatasetOrigdatablocksCreate | no | no | Owner DatasetOrigdatablockCreateOwner |
Owner DatasetOrigdatablockCreateOwner |
Any DatasetOrigdatablockCreateAny |
Any DatasetOrigdatablockCreateAny |
no | |
| POST | Datasets/pid/origdatablocks/isValid | DatasetOrigdatablocksCreate | no | no | Owner DatasetOrigdatablockCreateOwner |
Owner DatasetOrigdatablockCreateOwner |
Any DatasetOrigdatablockCreateAny |
Any DatasetOrigdatablockCreateAny |
no | |
| GET | Datasets/pid/origdatablocks | DatasetOrigdatablocksRead | Public DatasetOrigdatablockReadPublic |
Has Access DatasetOrigdatablockReadOAccess |
Has Access DatasetOrigdatablockReadAccess |
Has Access DatasetOrigdatablockReadAccess |
Has Access DatasetOrigdatablockReadAccess |
Any DatasetOrigdatablockReadAny |
no | |
| PATCH | Datasets/pid/origdatablocks/oid | DatasetOrigdatablocksUpdate | no | no | Owner DatasetOrigdatablockUpdateOwner |
Owner DatasetOrigdatablockUpdateOwner |
Owner DatasetOrigdatablockUpdateOwner |
Any DatasetOrigdatablockCreateAny |
no | |
| DELETE | Datasets/pid/origdatablocks/oid | DatasetOrigdatablocksDelete | no | no | no | no | no | no | Any DatasetOrigdatablockDeleteAny |
|
| POST | Datasets/pid/datablocks | DatasetDatablocksCreate | no | no | Owner DatasetDatablockCreateOwner |
Owner DatasetDatablockCreateOwner |
Owner DatasetDatablockCreateOwner |
Any DatasetDatablockCreateAny |
no | |
| GET | Datasets/pid/datablocks | DatasetOrigdatablocksRead | Public DatasetDatablockReadPublic |
Has Access DatasetDatablockReadAccess |
Has Access DatasetDatablockReadAccess |
Has Access DatasetDatablockReadAccess |
Has Access DatasetDatablockReadAccess |
Any DatasetDatablockReadAny |
no | |
| PATCH | Datasets/pid/datablocks/oid | DatasetDatablocksUpdate | no | no | Owner DatasetDatablockUpdateOwner |
Owner DatasetDatablockUpdateOwner |
Owner DatasetDatablockUpdateOwner |
Any DatasetDatablockCreateAny |
no | |
| DELETE | Datasets/pid/datablocks/oid | DatasetDatablocksDelete | no | no | no | no | no | no | Any DatasetDatablockDeleteAny |
|
| GET | Datasets/pid/logbook | DatasetLogbookRead | no | Owner DatasetLogbookReadOwner |
Owner DatasetLogbookReadOwner |
Owner DatasetLogbookReadOwner |
Owner DatasetLogbookReadOwner |
Any DatasetLogbookReadAny |
no |