Separating Subjects from AccessRequirement
Background
Current Object Models
AccessRequirement (interface) |
|---|
Long id |
String createdOn |
String modifiedOn |
String createdBy |
String modifiedBy |
String concreteType |
String etag |
List<RestrictableObjectDescriptor> subjectIds |
Long versionNumber |
ACCESS_TYPE accessType |
Current APIs
These services take and/or return an AccessRequirement object that contains a list of RestrictableObjectDescriptor.
Current Database
CREATE TABLE `ACCESS_REQUIREMENT` ( `ID` bigint(20) NOT NULL, `ETAG` char(36) NOT NULL, `CURRENT_REV_NUM` bigint(20) DEFAULT '0', `CREATED_BY` bigint(20) NOT NULL, `CREATED_ON` bigint(20) NOT NULL, `ACCESS_TYPE` enum('DOWNLOAD','PARTICIPATE') NOT NULL, `CONCRETE_TYPE` varchar(100) CHARACTER SET latin1 COLLATE latin1_bin DEFAULT NULL, PRIMARY KEY (`ID`), KEY `ACCESS_REQUIREMENT_CREATED_BY_FK` (`CREATED_BY`), CONSTRAINT `ACCESS_REQUIREMENT_CREATED_BY_FK` FOREIGN KEY (`CREATED_BY`) REFERENCES `JDOUSERGROUP` (`ID`)) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE `ACCESS_REQUIREMENT_REVISION` ( `OWNER_ID` bigint(20) NOT NULL, `NUMBER` bigint(20) NOT NULL, `MODIFIED_BY` bigint(20) NOT NULL, `MODIFIED_ON` bigint(20) NOT NULL, `SERIALIZED_ENTITY` mediumblob, PRIMARY KEY (`OWNER_ID`,`NUMBER`), KEY `ACCESS_REQUIREMENT_REVISION_MODIFIED_BY_FK` (`MODIFIED_BY`), CONSTRAINT `ACCESS_REQUIREMENT_REVISION_MODIFIED_BY_FK` FOREIGN KEY (`MODIFIED_BY`) REFERENCES `JDOUSERGROUP` (`ID`), CONSTRAINT `ACCESS_REQUIREMENT_REVISION_OWNER_FK` FOREIGN KEY (`OWNER_ID`) REFERENCES `ACCESS_REQUIREMENT` (`ID`) ON DELETE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE `NODE_ACCESS_REQUIREMENT` ( `SUBJECT_ID` bigint(20) NOT NULL, `SUBJECT_TYPE` enum('ENTITY','EVALUATION','TEAM') NOT NULL, `REQUIREMENT_ID` bigint(20) NOT NULL, PRIMARY KEY (`SUBJECT_ID`,`SUBJECT_TYPE`,`REQUIREMENT_ID`), KEY `SUBJECT_ACCESS_REQUIREMENT_REQUIREMENT_ID_FK` (`REQUIREMENT_ID`), CONSTRAINT `SUBJECT_ACCESS_REQUIREMENT_REQUIREMENT_ID_FK` FOREIGN KEY (`REQUIREMENT_ID`) REFERENCES `ACCESS_REQUIREMENT` (`ID`) ON DELETE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Current Workflow
ACT member used to create AccessRequirements via a script. We are deprecating the script and encouraging users to use the web client implementation.
Creating an AccessRequirement and applying it to an entity works as following:
An ACT member navigates to a subject A (entity or team) that they want to apply new AccessRequirement to.
S/he creates an AccessRequirement B for the subject, setting up the terms, and specifying all requirements.
Later new data C is added to Synapse.
An ACT member determines that the new data should have the same AccessRequirement with A. S/he navigates to A and list A's AccessRequirement to find the one they are looking for.
S/he changes the existing AccessRequirement, extends it to also apply to C.