Skip to content

Fetch characterization generation results permission is deleted when deleting a characterization asset. #2412

New issue
New issue
Closed
#2413
Closed
Fetch characterization generation results permission is deleted when deleting a characterization asset.#2412
#2413
Milestone
v2.15
@chrisknoll

Description

@chrisknoll
chrisknoll
opened on Nov 22, 2024

Expected behavior

Deleting a characterization should not remove permissions from accessing other generations.

Actual behavior

When you delete a characterization, it uses the permission schema to remove permissions. One of those permissions is a wildcard permission (ie: not ID-specific) that leads to all access to generations being removed.

Steps to reproduce behavior

  1. Delete a characterization
  2. Note all further access to generation results is 403
  3. Also note the permission for cohort-characterization:generation:*:get is gone.

Fix note

The problem is that the CharacterizationPermissionSchema includes wildcards:

   private static Map<String, String> readPermissions = new HashMap<String, String>() {{                                     
       put("cohort-characterization:%s:get", "Get cohort characterization");                         
       put("cohort-characterization:%s:generation:get", "Get cohort characterization generations");
       put("cohort-characterization:generation:*:get", "Get cohort characterization generation");
       put("cohort-characterization:design:get", "cohort-characterization:design:get");
       put("cohort-characterization:%s:design:get", "Get cohort characterization design");                         
       put("cohort-characterization:design:%s:get", "view cohort characterization with id %s");
       put("cohort-characterization:%s:version:get", "Get list of characterization versions");                         
       put("cohort-characterization:%s:version:*:get", "Get list of characterization version");
    }};

When an entity is deleted, the onDelete of the permission schema is executed:

    public void onDelete(CommonEntity commonEntity) {

        Map<String, String> permissionTemplates = getAllPermissions();
        permissionManager.removePermissionsFromTemplate(permissionTemplates, commonEntity.getId().toString());
    }

So it removes all permisssons including the wildcard one. in the above list, I believe the following are not entity-specific and should be removed from the permissions schema, but should be part of the Atlas User role (not a personal user role as these permissions are assumed to belong to)

       put("cohort-characterization:generation:*:get", "Get cohort characterization generation");
       put("cohort-characterization:design:get", "cohort-characterization:design:get");

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions