Should allow set dataset as public visible by setting orgUnitId to an empty string
Currently, we can set access-control aspect / orgUnitId field to undefined (or remove it) to make the dataset publicly visible (still subject to the user role's read permission).
However, setting values ~like null or~ an empty string to the field won't work due to how the rego policy is evaluated.
On the other hand, it's hard to set the field to undefined (or remove it) in bulk (as most of time, we will want to do "merge" operations on access-control aspect)
This ticket is about updating the policy to make it recognise ~null &~ empty string so that we can set empty string to the field instead of having to remove the field or setting undefined.
Update
Due to different null value support on different system (and complexity), we will not allow setting null value to orgUnitId.
Instead, we can only set orgUnitId to an empty string (or remove the field) to make it publicly visible
Should allow set dataset as public visible by setting
orgUnitId
to an empty stringCurrently, we can set
access-control
aspect /orgUnitId
field toundefined
(or remove it) to make the dataset publicly visible (still subject to the user role's read permission).However, setting values ~like
null
or~ an empty string to the field won't work due to how the rego policy is evaluated.On the other hand, it's hard to set the field to undefined (or remove it) in bulk (as most of time, we will want to do "merge" operations on
access-control
aspect)This ticket is about updating the policy to make it recognise ~
null
&~ empty string so that we can set empty string to the field instead of having to remove the field or settingundefined
.Update
Due to different
null
value support on different system (and complexity), we will not allow settingnull
value toorgUnitId
.Instead, we can only set
orgUnitId
to an empty string (or remove the field) to make it publicly visible