We've discussed using CAS authentication to ensure people don't mess with the data. However, Jose-Luis has expressed the desire to have anyone able to see the data and download it for study. Basically I don't know much about CAS but this is just an overview of what Mallory and Andrew and I had discussed concerning authentication...
Tree Data: we conveniently have two separate files for unauthenticated vs. authenticated users. Anything with "reports" should be public, while anything with "update" should be protected behind CAS authentication.
Then there is the issue of admin users (probably just Jose-Luis) who could add plots, sites, and delete trees. We don't yet have an interface for adding sites and plots, but we do allow deleting trees in what will eventually be the authenticated user interface.
Litterfall: since adding functionality for editing observations, we don't have any interface that doesn't let you mess with the data. We could create a view without edit buttons, but it would include a lot of duplication of code. I was wondering whether the router itself could cause a redirect based on the user's authentication status. Then we wouldn't have to worry about people clicking on the edit buttons, because they would never arrive at the edit page.
There also is not a way to delete observations at the moment. Not sure there should be... in the rare event of a duplicate or something, the student could contact JL who could contact one of us and we could delete it from the database directly.
We've discussed using CAS authentication to ensure people don't mess with the data. However, Jose-Luis has expressed the desire to have anyone able to see the data and download it for study. Basically I don't know much about CAS but this is just an overview of what Mallory and Andrew and I had discussed concerning authentication...
Tree Data: we conveniently have two separate files for unauthenticated vs. authenticated users. Anything with "reports" should be public, while anything with "update" should be protected behind CAS authentication.
Then there is the issue of admin users (probably just Jose-Luis) who could add plots, sites, and delete trees. We don't yet have an interface for adding sites and plots, but we do allow deleting trees in what will eventually be the authenticated user interface.
Litterfall: since adding functionality for editing observations, we don't have any interface that doesn't let you mess with the data. We could create a view without edit buttons, but it would include a lot of duplication of code. I was wondering whether the router itself could cause a redirect based on the user's authentication status. Then we wouldn't have to worry about people clicking on the edit buttons, because they would never arrive at the edit page.
There also is not a way to delete observations at the moment. Not sure there should be... in the rare event of a duplicate or something, the student could contact JL who could contact one of us and we could delete it from the database directly.