Design how RM should be configurable w.r.t. institutions #206

Open
blcham opened this issue Aug 8, 2024 · 2 comments

blcham commented Aug 8, 2024

Related to #202.


blcham commented Aug 8, 2024

Scenarios:

  • [AVA OPERATOR] We want to have only one institution, and the user should be added to the institution by default
    • UI will not have pages to edit assignments of users to an institution (it should be only read-only)
    • [AO/ONLINE]
      • Publish could work as follows:
          1. The user logs in through AVA-keycloak and writes an email to the AVA admin
          2. AVA admin assigns him to its organization (automate this?)
          3. AVA admin adds appropriate rights to the user (we do not want to make this automatic)
    • [AO/OFFLINE]
      • Operator user sends an email/brings a USB key with new records to the AVA admin
      • AVA admin creates the user in AVA-keycloak and assigns him to the proper organization
      • AVA admin impersonates the user
      • AVA admin imports the records
      • [OPTIONAL] AVA admin can send credentials to the user so he would be able to do it any time later
  • [AVA ADVANCED OPERATOR] We want to have only the operator's institution + admin institution, and the user should be added to the operator's institution by default
  • [AVA SUPPLIER] - We do not want to allow users not being assigned to an institution
    • the list of users would visualize those users that are invalid, i.e. do not have an institution assigned (e.g. mark them red)
  • [NON-ANONYMOUS QUESTIONNAIRE] - We want users without an institution to be able to create/edit records.

blcham self-assigned this Aug 8, 2024
blcham changed the title from "Describe how RM should be configurable w.r.t. institutions" to "Design how RM should be configurable w.r.t. institutions" Aug 8, 2024

blcham commented Aug 9, 2024

Open questions:

  • [1] How to handle a user not being assigned to an institution [AVA SUPPLIER]
    • we should have an .env variable to ensure all users belong to an organization: REQUIRED_INSTITION_ASSIGNMENT=true
    • alternatives:
      • make it automatic so admin cannot forget
        • (requires [2.1]) have GraphDB rule to assign every "native" user to AVA institution (by extending [3] and having institution "flagged" as being default, we might not even need variable AUTOMATIC_ASSIGNMENT_OF_INSTITUTION). In this case we need to differentiate !!safely!! that it is a native user -- existence of "IDP id" is dangerous.
        • have automatic assignment of operator's institution (i.e. [2])
      • show appropriate error to the user that he does not have an institution assigned
        • if REQUIRED_INSTITION_ASSIGNMENT=true, then the user should see only a dashboard showing the red message "No actions to do as you are not assigned to any institution. Contact administrator."
      • the user would not be able to sign in if he does not belong to an institution, but an appropriate error would be shown to him
        • if REQUIRED_INSTITION_ASSIGNMENT=true, show the same message as above
  • [2] How to automate assignment of operator's institution at AVA supplier [AVA OPERATOR]
    • configuration within the IDP should give the id of the institution the operator is from
    • alternative:
      • [2.1] implement keycloak plugin to save provider id (=institution id) + GRAPHDB rule
      • implement in record manager (use provider id) to assign user to the institution
  • [3] How to implement default institution [AVA OPERATOR]?
    • we would have .env variable AUTOMATIC_ASSIGNMENT_OF_INSTITUTION=true
    • alternatives:
      • GraphDB inference rule that would find the institution in the repository and assign it to every user
      • implementation in keycloak plugin where we configure using .env to add any concrete triple: ?user ?p ?o .
