Changes between Version 8 and Version 9 of AuthModule/UserStories
Timestamp: 2011-01-22T09:39:03+01:00 (14 years ago)
AuthModule/UserStories
v8 v9 1 1 = Authentication and Authorization module user stories = 2 3 Data:4 * structural elements include entities (table), fields (columns), and user interface screens5 * instance elements are the 'rows' or 'objects'.6 7 Users:8 * anonymous user: users who are not logged in9 * authenticated user: users that have registered to the system10 * adminstrator: special authenticated user who may manage overall permissions for the MOLGENIS app.11 12 Permission:13 * read permission: ability to view the data14 * write permissions: ability to edit the data15 * execute: ability to use data inside processing16 * ownership: ability to add or remove data or set permissions17 * sharing permissions: that is row-level security which is defined as defining permissions per data row/object.18 19 2 [[TOC()]] 20 3 21 == As authenticated user I want to define data permissions including read, write, execute and ownership. == 4 Definitions: 5 * Data: 6 * structural elements: entities (table), fields (columns), and user interface screens 7 * objects or rows: instances of entities 8 * Users: 9 * anonymous user: users who are not logged in 10 * authenticated user: users that have registered to the system 11 * adminstrator: special authenticated user who may manage overall permissions for the MOLGENIS app. 12 * Permission: 13 * read permission: ability to view the data 14 * write permissions: ability to edit the data 15 * execute: ability to use data inside processing 16 * ownership: ability to add or remove data or set permissions 17 * sharing permissions: that is row-level security which is defined as defining permissions per data row/object. 18 19 == As an administrator I want to set read, write, execute and ownership permissions on entities including entities, fields, rows and screens. == 22 20 Acceptance criteria: 21 * I can define that entity Sample is editable by the group 'Students' except the column 'Name' and only within the screen 'Lab'. 
22 * I can define that entity Investigation is viewable to group 'Lab workers' but only column Name so that it can be used in 'xrefs'. 23 * I can define that entity Protocol can be edited by 'Lab technicians' except in the screen 'All protocols'. 23 24 * Please add! 24 25 25 26 Tickets: 27 28 * Create an interface MolgenisElement. Make Entity, Field, ScreenModel implement MolgenisElement. 29 * Create an interface Authorizable with fields owner: xref->!MolgenisUser, shareRead: xref->!MolgenisGroup, shareWrite: xref->!MolgenisGroup. 26 30 * Extend Permission enum in DatabaseLogin to cover read, write, execute and ownership. 27 31 28 == As an administrator I want to set permissions on entities including entities, fields, rows and screens. ==32 == As an administrator I want to be able to manage users and groups. == 29 33 Acceptance criteria: 34 * 35 36 Tickets: 37 * Create a user interface to manage users and groups that is accessible to the administrator only. 38 39 == As authenticated user I want to create my private groups of users and for objects that I own add permissions on users or groups. == 40 41 Acceptance criteria: 42 * I want to indicate for each of the Investigations I own what groups are allowed to edit and view. 43 * I want to be able to transfer ownership of a data objects to another user 44 * I want to be able to transfer ownership on all my data object to another user 45 * I want to say that my friend Peter can see all Protocols that I own but not all my ObservedValue except those ObservedValue I marked as 'public'. 46 * If multiple permissions apply the narrower ones override the broader ones. 30 47 * Please add! 31 48 32 49 Tickets: 33 * Create an interface MolgenisElement. 
Make Entity, Field, ScreenModel implement MolgenisElement.34 * Create an interface Authorizable with fields owner: xref->!MolgenisUser, shareRead: xref->!MolgenisGroup, shareWrite: xref->!MolgenisGroup.35 50 36 == As authenticated user I want to create my own groups of users and add permissions on users or groups. If multiple permissions apply the broader ones override the narrower ones. ==37 38 Acceptance criteria:39 * I want to say that my friend Peter can see all my Protocols but not all my ObservedValue except those ObservedValue I marked as 'public'.40 * Please add!41 42 Tickets:43 51 * Rename !MolgenisRole to !MolgenisGroup. 44 52 * Connect !MolgenisUsers to !MolgenisGroups using a many-many relationship. Figure out how to do that best: mref, explicit bridge table, inheritance, ... … … 46 54 * Make Molgenis check permissions via central class. (To be refined.) 47 55 * Create a user interface to manage permissions for the entities owned by the user that is logged in. 48 49 == As an administrator I want to be able to manage users and groups. ==50 Acceptance criteria:51 *52 53 Tickets:54 * Create a user interface to manage users and groups that is accessible to the administrator only.55 56 56 57 == As an administrator I want to have the possibility to forward permissions from an entity to others. == … … 67 68 68 69 Tickets: 69 * Create a public user.70 * Make the login class to log in th epublic user by default.70 * Make sure that every database instance has a special 'anonymous' user 71 * Make the login class to log in this public user by default. 71 72 72 73 == As an investigator I want to be able to share the permissions on all entities belonging to my investigation with other users or groups. == 73 74 Acceptance criteria: 75 74 76 * I, Erik, can give my co-workers Despoina and Robert read-only access to all the features, values and targets belonging to my investigation AnimalDB. 75 77 * Please add! 78 76 79 Tickets: 80 77 81 * See above.
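Review bot: In the tickets under "As an administrator I want to set read, write, execute and ownership permissions on entities ...", the Authorizable interface still has only owner, shareRead and shareWrite, while the story heading and the Permission enum ticket both cover execute. Either add a field for sharing execute permission or state that execute is never shared per row. The share fields xref only !MolgenisGroup, whereas the private-groups story asks for permissions "on users or groups", so the ticket should say how a grant to a single user such as Peter is stored. The heading's "entities including entities, fields, rows and screens" would read better with the Definitions wording (structural elements and rows).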
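Review bot: The story "As an administrator I want to be able to manage users and groups" was moved up with its acceptance criteria still an empty bullet. The ticket already says the interface is "accessible to the administrator only", so that can become the first criterion: an authenticated non-administrator and the anonymous user cannot open the user and group management screen or change group membership through it.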
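Review bot: In the private-groups story, the new criterion "If multiple permissions apply the narrower ones override the broader ones" reverses the v8 heading ("the broader ones override the narrower ones") without defining "narrower". It can mean the more specific scope (row over entity) or the more restrictive right (read over write), and the two give different answers for the Peter example, where a row marked 'public' has to win over a broader "not all my ObservedValue". State the rule in terms of scope, say what happens when no permission applies at all, and add a criterion that exercises a conflict. The two ownership-transfer criteria have no matching ticket among the visible ones.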
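Review bot: In the tickets that replace "Create a public user.", the first ticket names the account 'anonymous' while the second still says "this public user"; use one name, matching the Definitions entry "anonymous user: users who are not logged in". The tickets should also state which permissions this account starts with, because the login class will apply it to every session that has not authenticated. A criterion such as "the anonymous user has no permissions until an administrator grants them" would make that testable.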