Handle Owner: Added arg 'handleowner' to JSON credentials file.

[merretbuurman]

Handle Owner: Added arg 'handleowner' to JSON credentials file. Also adapted handle creation to use this handleowner in HS_ADMIN, if specified. Added unit tests for this.

[cookie33]

Hi,

Is the user who normally owns handles still able to modify and delete handles which are created by an other user? I don't see how this works. Now I also have handles which are f.i created with the HS_ADMIN: 300:0.NA/841. With HS_ADMIN 350:0.NA/841 I am able to do anything with it.

And I don't think there are group bits in the HS_ADMIN field.

[merretbuurman]

Hi cookie, it all depends on how you configure your users. The admin rights granted in 0.NA/prefix can be "cascaded down" using HS_VLIST entries. For example, we can have a HS_VLIST in 200:0.NA/prefix, pointing to a user and to another HS_VLIST in 200:prefix/admin, which then again points to three different users. In that case, if as "handleowner" you put 200:0.NA/prefix, everyone with admin rights can modify/delete it. If you put 200:prefix/admin, only the three users can modify it. If you put one of the three users, only that user can modify it. My idea behind this was that someone may want to give different passwords to different users (Alice and Bob), but we still may want to have handles that can be modified by all users of a specific group (e.g. all EUDAT users).

Note: Of course, if Alice puts Bob as the handle owner, she herself cannot modify the handle anymore - if that is a problem, I can explicitly add another HS_ADMIN entry with the authenticated user.

[cookie33]

Hi Merret,

Thanks for the info. I will have a look at it.