Document toolboxDocument toolbox

Data contribution without certification

Owned by Marco Marasca
Last updated: Mar 09, 2020
2 min read

From

PLFM-5908 - Getting issue details... STATUS
.

Use cases discussed here: https://docs.google.com/document/d/1koH4PxTwhjA46rpxW01X8nME6FTnQ8PZ1Ew-DwB-2v4

Synapse requires any user that wants to create or edit data to be certified. The certification requires the user to pass a quiz to evaluate their familiarity with the Synapse data use procedure (See https://docs.synapse.org/articles/accounts_certified_users_and_profile_validation.html).

The use case is for a set of projects where Sage is acting as a Data Coordinating Center responsible for receiving and curating the data before making the curated data available to reduce the friction in contributing to the data.

The idea is to allow to configure a project so that the user certification check is bypassed once vetted by ACT. The users are not considered certified, but we still want to allow them to contribute and we as DCC should validate the uploaded data before making it public.

API Design

The changes to the API would involve the following additions:

  1. A new ProjectSetting to allow enabling/disabling the configuration. Can be of type certification with a boolean property certificationRequired. The following restrictions apply:

    1. Can be applied to Projects only (e.g. not allowed at the folder level)

    2. Can be created/updated only by ACT

  2. Add a property certificationRequired to the response of the GET /entity/{id}/permissions that indicates if certification is required for editing and/or create (add child). The current properties (e.g. isCertifiedUser, canEdit, canCertifiedUserEdit etc) would need to be computed accordingly.

Additional constraints:

No additional constraint is applied aside from:

  1. Only certified users are allowed to add/remove ACLs despite the change permission access

  2. The rest would work the same, if a user that is not certified creates an entity in a project for which the certification is not required the certification check is bypassed and the standard ACL/AR checks are performed (the user still needs to be allowed to create/edit).

Note: when an entity is moved under a different entity (or restored from the trashcan) the same access checks apply according to the target container (e.g. there is not special treatment as the target holds the access requirements/certification requirements etc).

Auditing:

We need to keep track of the entities that have been created without certification: we already store the user certification date so we can infer this information from the data warehouse already. If might be useful to add a new property to the node snapshot that indicates if the project was configured this way when the snapshot was taken (E.g. CERTIFICATION_REQUIRED, default true for past entities).

We might want to also add snapshot of the node configuration so to keep track when/who enabled/disabled the project configuration.