Ticket #440 (closed Task: worksforme)

Opened 7 years ago

Last modified 5 years ago

disable fileupload?

Reported by: JuergeN Owned by: jri
Priority: Major Milestone:
Component: DeepaMehta Standard Distribution Version: 4.1
Keywords: Cc:
Complexity: 3 Area: GUI / Usability
Module: deepamehta-webclient

Description

Refering to #409 I have created a user named 'testuser' and a workspace named 'Demo'. I have deleted the aggregation between testuser and the default workspace DeepaMehta and created a new aggregation of the same type between the new workspace 'Demo' and the 'testuser'. How comes, the testuser can still upload files, but the workspace 'Demo' does not have any associations to FILES or any other topic. I just do not know what I have to do.

Could you please try to provide a short step by step introduction how I can diasable fileupload for a certain user? Thank you!

Change History

comment:1 Changed 7 years ago by jri

Your reasoning is right.
Just one thing: a "workspace membership" is represented by an Aggregation between a Username and the Workspace. Not between a User Account and the Workspace.

So, to create a membership, reveal the User Account's Username topic first and associate that one.

Hint: in your case it would be easier to create the Workspace first, and the User Account afterwards. That way the new User Account (including its Username topic) is assigned to the new Workspace by default. This frees you from reassigning the workspace manually.

All things created are assigned to the current workspace. Creating a workspace makes that one the current workspace.

Thanks for your question!

comment:2 Changed 7 years ago by jri

One more hint: a newly created Workspace has no types assigned to it. So, if this workspace is the only one a user is a member of, she can't create anything. To enable the user to create topics, assign the proper types to the new workspace.

The permission to create a File Browser is bound to the Folder type.
The permission to create Folders in the File Repository is bound to the Folder type as well.
The permission to upload Files is bound to the File type.

This policy is not fixed but controlled by the type's ACL. By default every type has at least this ACL entry:

CREATE: CREATOR, OWNER, MEMBER

The MEMBER role means that every member of each workspace the type is assigned to has the permission to CREATE instances of that type.

An ACL entry has the format:

Operation: list of Roles

The permission to perform that Operation is granted to each user who occupies at least one of the listed Roles.

Currently DM Access Control mechanism provides 2 Operations (WRITE, CREATE) and 5 Roles (CREATOR, OWNER, MEMBER, USER, EVERYONE). Each topic (and thus each type) and each association has its individual ACL.

comment:3 Changed 5 years ago by jri

  • Status changed from new to closed
  • Resolution set to worksforme

Since DM 4.5 we have a completely new Access Control mechanism (#592).
Since DM 4.7 also the file repositories are under access control (#815) (and we have per-user upload quotas, #812).
Upload/download permissions are regarded complete.

Note: See TracTickets for help on using tickets.