Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/global sharing #2956

Open
wants to merge 17 commits into
base: master
Choose a base branch
from

Conversation

rkboyce
Copy link
Contributor

@rkboyce rkboyce commented Sep 16, 2024

This pull request adds OPTIONAL functionality to Atlas/WebAPI where folks have chosen to implement optional enhancement that allows read permission to be restricted so that only users with read access to a given artifact can view them (see description in the Atlas set up guide and more details on the WebAPI wiki.

The feature makes it possible for users of an Atlas instance that is restricting read access to share an artifact they own publicly. Example:

  1. User 1 creates a concept or cohort definition and wants to make it public so that it is visible in the list of artifacts returned when another user goes to the respective listing
  2. User 1 clicks on the lock icon which pops up a modal to configure permissions. The user scrolls to the bottom and selects the button and selects "Granted" under where it says "Status of global READ access"
  3. The effect of this is to add permission mappings in the sec_role_permission table so that the public role has read access to the artifact.

This operation can be reversed:

  1. User 1 decides to remove the artifact from public shared status. The user clicks on the lock icon which pops up a modal to configure permissions. The user scrolls to the bottom and selects the button and selects "Not Granted" under where it says "Status of global READ access"
  2. The effect of this is to remove permission mappings in the sec_role_permission table so that the public role no longer has read access to the artifact.

One additional feature is that artifact sharing can be restricted to only certain users. This pull request adds the enablePermissionManagement config option to config-local.js. If is set to true then, only users a specific permission ('artifact:global:share:put'), are able to share. This is useful for data commons or other collaboratives where there are many users and a small group of admins or moderators would like to filter the items shared publicly.

If this pull request is accepted, the documentation above should be copied into the the Atlas set up guide](https://github.com/OHDSI/Atlas/wiki/Atlas-Setup-Guide) and referenced from the WebAPI wiki](https://github.com/OHDSI/WebAPI/wiki/Read-restricted-Configuration).

rkboyce and others added 17 commits April 17, 2024 01:39
…ranting write access to a global shared artifact reader role that would be given to all users. Next steps are to 1) make this configurable, 2) allow users to configure the global author role if they want only some users to be able to grant global read access, and 3) set up global read role for all users as a default assigned system role
…'public' role since this would remove the need to change WebAPI to add a new system role that pretty much duplicates 'public'
…rt to only persons who have been granted permission to change the same cohort.
...to better reflect its real purpose
fix: adjust permission name to "artifact:global:share:put"
...previous name isPermittedGlobalShareCohort did not reflect the
fact that it is about all kind of artifacts
Fix: better name for isPermittedGlobalShareArtifact
@anthonysena anthonysena linked an issue Nov 19, 2024 that may be closed by this pull request
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Enhancement] "Globally" shared artifacts
2 participants