Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/global sharing #2956

Open
wants to merge 17 commits into
base: master
Choose a base branch
from
Open

Feature/global sharing #2956

wants to merge 17 commits into from

Conversation

rkboyce
Copy link
Contributor

@rkboyce rkboyce commented Sep 16, 2024

This pull request adds OPTIONAL functionality to Atlas/WebAPI where folks have chosen to implement optional enhancement that allows read permission to be restricted so that only users with read access to a given artifact can view them (see description in the Atlas set up guide and more details on the WebAPI wiki.

The feature makes it possible for users of an Atlas instance that is restricting read access to share an artifact they own publicly. Example:

  1. User 1 creates a concept or cohort definition and wants to make it public so that it is visible in the list of artifacts returned when another user goes to the respective listing
  2. User 1 clicks on the lock icon which pops up a modal to configure permissions. The user scrolls to the bottom and selects the button and selects "Granted" under where it says "Status of global READ access"
  3. The effect of this is to add permission mappings in the sec_role_permission table so that the public role has read access to the artifact.

This operation can be reversed:

  1. User 1 decides to remove the artifact from public shared status. The user clicks on the lock icon which pops up a modal to configure permissions. The user scrolls to the bottom and selects the button and selects "Not Granted" under where it says "Status of global READ access"
  2. The effect of this is to remove permission mappings in the sec_role_permission table so that the public role no longer has read access to the artifact.

One additional feature is that artifact sharing can be restricted to only certain users. This pull request adds the enablePermissionManagement config option to config-local.js. If is set to true then, only users a specific permission ('artifact:global:share:put'), are able to share. This is useful for data commons or other collaboratives where there are many users and a small group of admins or moderators would like to filter the items shared publicly.

If this pull request is accepted, the documentation above should be copied into the the Atlas set up guide](https://github.com/OHDSI/Atlas/wiki/Atlas-Setup-Guide) and referenced from the WebAPI wiki](https://github.com/OHDSI/WebAPI/wiki/Read-restricted-Configuration).

rkboyce and others added 17 commits April 17, 2024 01:39
@rkboyce
brought in first working ability to configure global read access by g…
5a97b39 
…ranting write access to a global shared artifact reader role that would be given to all users. Next steps are to 1) make this configurable, 2) allow users to configure the global author role if they want only some users to be able to grant global read access, and 3) set up global read role for all users as a default assigned system role
@rkboyce
first working configuration of sharing using an authoring role
61dcae0
@rkboyce
some fixes to global sharing after testing; moved the shared reader r…
8f46884 
…ole to a new roleid.
@rkboyce
started to implement the ability to hide the share-global buttons but…
b99d5d5 
… then decided not to
@rkboyce
changed the 'shared artifact reader' role checked by Atlas to be the …
8396b4d 
…'public' role since this would remove the need to change WebAPI to add a new system role that pretty much duplicates 'public'
@rkboyce
added the configurable ability to restrict generation of a given coho…
0493316 
…rt to only persons who have been granted permission to change the same cohort.
@pieterlukasse
feat: introduce a new permission instead of relying on a role
7e21378
@pieterlukasse
fix: correct styling for sharing buttons on access modal ui
649cc7e
@pieterlukasse
fix: cleanup/remove unnecessary parts
0946559
@rkboyce
Merge pull request #2 from uc-cdis/fix/final-global-sharing
ca11cc3 
Fix/final global sharing
@pieterlukasse
fix: adjust permission name to "artifact:global:share:put"
b24266b 
...to better reflect its real purpose
@rkboyce
Merge pull request #3 from uc-cdis/fix/final-global-sharing_part2
b162fd5 
fix: adjust permission name to "artifact:global:share:put"
@pieterlukasse
fix: remove dead code
3bcffd5 
based on this discussion OHDSI#2929 (comment)
@rkboyce
Merge pull request #7 from pieterlukasse/patch-1
058ace5 
Fix: remove dead code
@rkboyce
Merge branch 'OHDSI:master' into feature/global-sharing
b8017b9
@pieterlukasse
fix: better name for isPermittedGlobalShareArtifact
4872345 
...previous name isPermittedGlobalShareCohort did not reflect the
fact that it is about all kind of artifacts
@rkboyce
Merge pull request #4 from uc-cdis/fix/owner_check_and_remove_dead_code
01eca8c 
Fix: better name for isPermittedGlobalShareArtifact
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rkboyce @pieterlukasse