wiki:AuthModule/UserStories

Version 23 (modified by rwagner, 14 years ago) (diff)

--

Authentication and Authorization module user stories

Definitions:

  • Data:
    • structural elements: entities (table), fields (columns), and user interface screens
    • objects or rows: instances of entities
  • Users:
    • anonymous user: users who are not logged in
    • authenticated user: users that have registered to the system
    • adminstrator: special authenticated user who may manage overall permissions for the MOLGENIS app.
  • Permission:
    • read permission: ability to view the data
    • write permissions: ability to edit the data
    • execute: ability to use data inside processing
    • ownership: ability to add or remove data or set permissions
    • sharing permissions: that is row-level security which is defined as defining permissions per data row/object.

As new user to the system I want to register myself and then have the ability to login, logout and change my details

"User login and registration" plugin

Acceptance criteria:

  • I, Jessica, can access the system and subsequently register myself.
  • I receive an email with a link to finish registration.
  • I can login and change my password
  • I can then logout.

Tickets:

  • please add

As an administrator I want to set read, write, execute and ownership permissions on entities including fields, rows and screens.

"Users and Groups manager" screen

Acceptance criteria:

  • I can define that entity Sample is editable by the group 'Students' except the column 'Name' and only within the screen 'Lab'.
  • I can define that entity Investigation is viewable to group 'Lab workers' but only column Name so that it can be used in 'xrefs'.
  • I can define that entity Protocol can be edited by 'Lab technicians' except in the screen 'All protocols'.
  • Please add!

Tasks:

  • Create an interface MolgenisElement?. Make Entity, Field, ScreenModel? implement MolgenisElement?.
  • Create an interface Authorizable with fields owner: xref->MolgenisUser, shareRead: xref->MolgenisGroup, shareWrite: xref->MolgenisGroup.
  • Extend Permission enum in DatabaseLogin? to cover read, write, execute and ownership.
  • Extend the InstallPlugin? so that there is always an Administrator user in the database and it can't be deleted.

As an administrator I want to be able to manage users, groups and permissions.

Acceptance criteria:

*

Tasks:

  • Create a user interface to manage users, groups and permissions that is accessible to the administrator only.
  • Create a intermediate layer with corresponding database functionality.

As an administrator I want to have the possibility to forward permissions from an entity to others.

Acceptance criteria:

  • I want that I can automatically derive my permissions on 'Sample' from the sharing permissions that are set on Investigation
  • Please add!

Tickets:

  • Create a function as part of the admin interface to forward permissions from an entity to others that are connected with it (xref, mref).

As authenticated user I want to create my private groups of users and, for objects that I own, add permissions on users or groups.

"My sharing preferences" screen

Acceptance criteria:

  • I want to indicate for each of the Investigations I own what groups are allowed to edit and view.
  • I want to be able to transfer ownership of a data objects to another user
  • I want to be able to transfer ownership on all my data object to another user
  • I want to say that my friend Peter can see all Protocols that I own but not all my ObservedValue? except those ObservedValue? I marked as 'public'.
  • , Erik, can give my co-workers Despoina and Robert read-only access to all the features, values and targets belonging to my investigation AnimalDB.
  • If multiple permissions apply the narrower ones override the broader ones.
  • Please add!

Tickets:

  • Rename MolgenisRole to MolgenisGroup.
  • Connect MolgenisUsers to MolgenisGroups using a many-many relationship. Figure out how to do that best: mref, explicit bridge table, inheritance, ...
  • Create a table that contains MolgenisElements and connects them with MolgenisUser's and Permissions.
  • Make Molgenis check permissions via central class. (To be refined.)
  • Create a user interface to manage permissions for the entities owned by the user that is logged in.

As a anonymous user I want to see all the entities I am entitled to see without logging in.

Acceptance criteria:

  • I, Anonymous, can use the application and see all entities which are available to the user "anonymous".

Tickets:

  • Make sure that every database instance has a special 'anonymous' user
  • Make the login class to log in this public user by default.

Ticket Summary
No tickets found