Description
Currently, the GeoStore owner works in the following way:
Owner is an attribute of a resource that grants write permission on it.
At the moment, if the owner property is present, editing security rules is allowed only to the "owner".
If owner is not present, security rules can be edited by all users with write permission.
At the moment the owner should (verify) always be present in a separate security rule too (user rule).
We should evaluate whether to:
- Remove the current owner logic
- Allow owner to be handled by GeoStore
- Allow to transfer ownership
- In this case, evaluate the permissions of the owner and how they differ from `canWrite` permission:
  - Can users with `canWrite` add security rules?
  - Can users with `canWrite` delete security rules?
  - Can users with `canWrite` delete the resource?
  - Can users with `canWrite` change attributes (owner should be a special attribute)?

Make sure to make it consistent with owner permissions. For instance, if a user with `canWrite` is denied to change owner, but can delete it or edit the owner attribute, it doesn't make much sense.
*Suggested implementation by @offtherailz*
Maybe we can handle ownership using the single user security rule created by mapstore.
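
An added sketch (not GeoStore code and not from the issue author) that models the current owner rule described above and checks a candidate `canWrite` policy for the inconsistency the description warns about. All names (`Resource`, `can_edit_rules`, the action strings) are hypothetical, and it assumes the owner attribute can be edited like any other attribute.

```python
# Added illustration: a toy model of the rules described in this issue.
# It is not GeoStore code; every name here is hypothetical.
from dataclasses import dataclass, field

@dataclass
class Resource:
    attributes: dict = field(default_factory=dict)  # may contain "owner"
    writers: set = field(default_factory=set)       # users holding canWrite

def can_edit_rules(res, user):
    """Current behaviour as described above: if the owner attribute is
    present only the owner edits security rules, otherwise any writer."""
    owner = res.attributes.get("owner")
    return user == owner if owner is not None else user in res.writers

def inconsistencies(writer_may):
    """writer_may: set of actions a candidate policy grants to a non-owner
    canWrite user. Returns the grants that contradict denying that user
    'change_owner', following the example given in the issue."""
    if "change_owner" in writer_may:
        return []  # nothing is owner-only, so nothing can be contradicted
    findings = []
    if "edit_owner_attribute" in writer_may:
        findings.append("edit_owner_attribute rewrites the owner anyway")
    if "delete_resource" in writer_may:
        findings.append("delete_resource removes what the owner controls")
    if "delete_rule" in writer_may:
        # Assumes ownership is stored as the single user security rule,
        # as in the suggested implementation.
        findings.append("delete_rule can drop the rule that encodes ownership")
    return findings

def demo():
    # Constructed sample data.
    res = Resource({"owner": "alice"}, {"alice", "bob"})
    before = can_edit_rules(res, "bob")   # bob is a writer, not the owner
    # Assumption: attributes are editable with canWrite, owner included.
    del res.attributes["owner"]
    after = can_edit_rules(res, "bob")    # falls back to the canWrite check
    return before, after
```

Running `inconsistencies` over each proposed permission set for `canWrite` users gives a quick regression check that the owner-only operations stay owner-only.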