= Authentication and Authorization module user stories = Data: * structural elements include entities (table), fields (columns), and user interface screens * instance elements are the 'rows' or 'objects'. Users: * anonymous user: users who are not logged in * authenticated user: users that have registered to the system * adminstrator: special authenticated user who may manage overall permissions for the MOLGENIS app. Permission: * read permission: ability to view the data * write permissions: ability to edit the data * execute: ability to use data inside processing * ownership: ability to add or remove data or set permissions * sharing permissions: that is row-level security which is defined as defining permissions per data row/object. [[TOC()]] == As authenticated user I want to define data permissions including read, write, execute and ownership. == Acceptance criteria: * Please add! Tickets: * Extend Permission enum in DatabaseLogin to cover read, write, execute and ownership. == As an administrator I want to set permissions on entities including entities, fields, rows and screens. == Acceptance criteria: * Please add! Tickets: * Create an interface MolgenisElement. Make Entity, Field, ScreenModel implement MolgenisElement. * Create an interface Authorizable with fields owner: xref->!MolgenisUser, shareRead: xref->!MolgenisGroup, shareWrite: xref->!MolgenisGroup. == As authenticated user I want to create my own groups of users and add permissions on users or groups. If multiple permissions apply the broader ones override the narrower ones. == Acceptance criteria: * I want to say that my friend Peter can see all my Protocols but not all my ObservedValue except those ObservedValue I marked as 'public'. * Please add! Tickets: * Rename !MolgenisRole to !MolgenisGroup. * Connect !MolgenisUsers to !MolgenisGroups using a many-many relationship. Figure out how to do that best: mref, explicit bridge table, inheritance, ... * Create a table that contains !MolgenisElements and connects them with !MolgenisUser's and Permissions. * Make Molgenis check permissions via central class. (To be refined.) * Create a user interface to manage permissions for the entities owned by the user that is logged in. == As an administrator I want to be able to manage users and groups. == Acceptance criteria: * Tickets: * Create a user interface to manage users and groups that is accessible to the administrator only. == As an administrator I want to have the possibility to forward permissions from an entity to others. == Acceptance criteria: * I want that I can automatically derive my permissions on 'Sample' from the sharing permissions that are set on Investigation * Please add! Tickets: * Create a function as part of the admin interface to forward permissions from an entity to others that are connected with it (xref, mref). == As a anonymous user I want to see all the entities I am entitled to see without logging in. == Acceptance criteria: * Please add! Tickets: * Create a public user. * Make the login class to log in the public user by default. == As an investigator I want to be able to share the permissions on all entities belonging to my investigation with other users or groups. == Acceptance criteria: * I, Erik, can give my co-workers Despoina and Robert read-only access to all the features, values and targets belonging to my investigation AnimalDB. * Please add! Tickets: * See above.