search

magda-io / magda

A federated, open-source data catalog for all your big data and small data
https://magda.io
Apache License 2.0
510 stars 93 forks source link

Should allow set dataset as public visible by setting `orgUnitId` to an empty string #3412

Closed t83714 closed 2 years ago

t83714 commented 2 years ago

Should allow set dataset as public visible by setting orgUnitId to an empty string

Currently, we can set access-control aspect / orgUnitId field to undefined (or remove it) to make the dataset publicly visible (still subject to the user role's read permission).

However, setting values ~like null or~ an empty string to the field won't work due to how the rego policy is evaluated.

On the other hand, it's hard to set the field to undefined (or remove it) in bulk (as most of time, we will want to do "merge" operations on access-control aspect)

This ticket is about updating the policy to make it recognise ~null &~ empty string so that we can set empty string to the field instead of having to remove the field or setting undefined.

Update

Due to different null value support on different system (and complexity), we will not allow setting null value to orgUnitId.

Instead, we can only set orgUnitId to an empty string (or remove the field) to make it publicly visible

t83714 commented 2 years ago

closed via PR: https://github.com/magda-io/magda/pull/3413