...
Currently, an AccessRequirement (AR) includes a list of “subjectIds” that defines which Entities (or Teams) the AR applies to. With the proposed changes, the subjectIds would no longer be provided as part of the AR. Instead, Synapse would “automatically” determine which files are associated with an AR based on the JSON schema of the project. This would most likely be a new AR type, so we can maintain backwards compatibility for existing ARs.
There are currently six types of ARs:
LockAccessRequirement - Added when a user “reports” an Entity for some type of violation.
SelfSignAccessRequirement - Used to require users to be either certified or validated.
PostMessageContentAccessRequirement - Deprecated.
TermsOfUseAccessRequirement - Requires the users to accept the defined terms-of-use.
ACTAccessRequirement - Older tier-3 AR requiring ACT approval.
ManagedACTAccessRequirement - Newer tier-3 AR requiring ACT approval via the submission process.
Currently all six ARs include a subjectIds list within the actual AR. Subjects are added to or removed from these ARs by updating the actual AR object using either the CREATE or UPDATE services. We will likely need to continue to maintain each of these AR types for the foreseeable future.
With this design, we are proposing a new system for assigning the subjects to ARs. Rather than explicitly modifying the subjects of each AR, the new system will allow subjects to be “automatically” bound to ARs based on the new derived ar# annotations of Entities. We will likely need to apply this new system to three of the six AR types: SelfSignAccessRequirement, TermsOfUseAccessRequirement, & ManagedACTAccessRequirement. Rather than define multiple new AR types, we propose extending all ARs by adding the following property:
```json
"properties": {
    ...
    "subjectsDefinedByAnnotations": {
        "type": "boolean",
        "description": "Defaults to 'false'. When 'true', the items controlled by this AR are defined by the '_ar#' annotations on individual entities. This property is mutually exclusive with 'subjectIds'. If this is set to 'true' then 'subjectIds' must be excluded."
    },
    ...
    "subjectIds": {
        "type": "array",
        "description": "The IDs of the items controlled by this Access Requirement. Required when creating or updating.",
        "transient": true,
        "items": {
            "type": "object",
            "$ref": "org.sagebionetworks.repo.model.RestrictableObjectDescriptor"
        }
    }
    ...
}
```
This will allow an AR to be configured either to define its subjects within the ‘subjectIds’ list or to define its subjects by _ar# annotations.
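The mutual-exclusion rule in the property description can be enforced at create/update time so that an AR never reaches storage with an ambiguous subject binding. The following is an added example, not Synapse code: the function name, the exception class and the sample payloads are hypothetical, and the payload fields other than 'subjectsDefinedByAnnotations' and 'subjectIds' are constructed for illustration.

```python
class InvalidAccessRequirement(ValueError):
    """Raised when an AR payload has an ambiguous or missing subject binding."""


def subject_binding_mode(ar: dict) -> str:
    """Return 'annotations' or 'explicit' for an AR create/update payload.

    Hypothetical helper applying the rules from the property description.
    """
    flag = ar.get("subjectsDefinedByAnnotations", False)  # defaults to 'false'

    # Reject "true", 1, None and similar: a loosely typed flag must not
    # silently select one binding mode or the other.
    if not isinstance(flag, bool):
        raise InvalidAccessRequirement(
            "subjectsDefinedByAnnotations must be a boolean")

    if flag:
        # Assumption: "must be excluded" is read strictly, so even an
        # empty subjectIds list is rejected when the flag is true.
        if "subjectIds" in ar:
            raise InvalidAccessRequirement(
                "subjectIds must be excluded when "
                "subjectsDefinedByAnnotations is true")
        return "annotations"

    # Flag is false or absent: subjectIds is required on create/update.
    if not isinstance(ar.get("subjectIds"), list):
        raise InvalidAccessRequirement(
            "subjectIds is required when subjectsDefinedByAnnotations "
            "is false or absent")
    return "explicit"


# Constructed sample payloads (not taken from Synapse).
SUBJECT = {"id": "syn000", "type": "ENTITY"}
ANNOTATION_BOUND = {"subjectsDefinedByAnnotations": True}
EXPLICIT = {"subjectIds": [SUBJECT]}
BOTH_SET = {"subjectsDefinedByAnnotations": True, "subjectIds": [SUBJECT]}
STRING_FLAG = {"subjectsDefinedByAnnotations": "true"}
NEITHER = {}

if __name__ == "__main__":
    samples = [ANNOTATION_BOUND, EXPLICIT, BOTH_SET, STRING_FLAG, NEITHER]
    for payload in samples:
        try:
            print(payload, "->", subject_binding_mode(payload))
        except InvalidAccessRequirement as err:
            print(payload, "-> rejected:", err)
```

Rejecting the payload outright, rather than letting one field win, keeps a restricted entity from losing its AR because the two binding mechanisms disagree.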