Add more control to add_bulk_permissions

Issue #517 new
Shivashis Padhi created an issue

https://bitbucket.org/wxmetvis/mss/src/develop/mslib/mscolab/add_bulk_permissions.py now allows a template similar to

p1
u1 v
u2 c

p2
u1 a
u2 v

This means, _insert u1 user as viewer, insert u2 as collaborator into project p1. And, insert u1 user as admin, insert u2 user as viewer into project p2. We have to refactor this to consider also a similar json input, since it’s more readable.

Comments (15)

  1. Akshansh Bhanjana

    Hi @Shivashis Padhi , I would like to work on this.

    Could you provide an example of a sample json input for the same?

  2. Shivashis Padhi reporter

    {
      "add" : {
        "project1" : {
          "collaborator": ["user1", "user2", "user3"],
          "administrator": ["user5", "user7"],
          "viewer": ["user4", "user6"]
        },
        "project2": {
          "viewer": ["user1", "user2"]
        }
      },
      "modify": {
        "project3": {
          "user1": "viewer",
          "user3": "admin"
        }
      },
      "delete": {
        "project4": ["user1", "user5"]
      }
    }
    

    @Joern Ungermann looks good?

  3. Akshansh Bhanjana

    @Shivashis Padhi , couldn’t we club add and modify?
    As it is the same user won’t be present in both of them simultaneously, right?

  4. Shivashis Padhi reporter

    no. this is just for reference. same users won’t be there for ‘add’ ‘delete’ under same project.

  5. Shivashis Padhi reporter

    Didn’t read your question properly back then, but to add to my answer, we can't club ‘add’ ‘modify’ , because in ‘add’ you upsert, while in ‘modify’ you check if it exists, if the username and permission doesn’t exist, the admin must know.

  6. Joern Ungermann

    Hi, I am not too depp into the MSCO permission, but the JSON looks reasonable. Would it be feasible to configure wildcards to, i.e., give all users “view” access with something such as

    "viewer": [“*”]
    

    ?

  7. Shivashis Padhi reporter

    Understood, it can be explicitly checked for and if ‘*' is found, all the users in database be made 'viewers’ for that project. Can this be done @Akshansh Bhanjana ?

  8. Joern Ungermann

    Perfect! We need to keep use-cases with less security-needs in mind; scientist often prefer easy-of-use. So enabling both secure and easy-to-use setups would be perfect!

  9. Tanish Grover

    @Reimar Bauer As we now have the admin dashboard we can maybe close this issue as this is not required anymore?

  10. Log in to comment