mountetna / magma

Data server with friendly data loaders
GNU General Public License v2.0

Graft add restricted #92

Closed graft closed 5 years ago

graft commented 5 years ago

This PR implements #36, allowing data restrictions on records, which censor certain pieces of data depending on user permissions. This relies on the janus 'restricted' permission, which can be set for each user for each project, independent of their role (so you can be a restricted admin, or an unrestricted viewer).

A note on nomenclature - I am using 'restricted user' to mean "cannot access restricted data", and 'unrestricted user' to mean "can access restricted data". This nomenclature might be annoying or confusing - however, I think it's pretty clear how it actually applies to the data (restricted data is censored, non-restricted data is visible).

There are two ways to restrict data. The first is adding the 'restricted' attribute, defined on a model as so:

class MyModel < Magma::Model
  restricted
end

This adds a boolean attribute named 'restricted' to the model. This attribute may be queried as normal. However, restricted users cannot retrieve or modify ANY data from a record where 'restricted' is true.

The second way is to add 'restricted' to any attribute, defined like so:

class MyModel < Magma::Model
  attribute :my_attribute, restricted: true
end

This prevents any restricted user from retrieving data in this attribute from ANY record (whether or not it is 'restricted' as in the first case).

If you think of the model/records as a table, the first method censors rows (records), the second censors columns (attributes).

The way this is implemented is by passing the instruction to restrict into Magma::Question and Magma::Revision, which either filter records (first method) or raise an error (second method) if the data should not be visible.
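The two mechanisms described in this PR (row censorship via a `restricted` flag on the model, column censorship via `restricted: true` on an attribute) can be illustrated with a small stand-alone simulation. The following is an added example, not code from magma or from this PR: the `Model`, `Query`, `RestrictedAttributeError` names, the `user_restricted:` keyword and the sample records are all assumptions constructed for illustration, not Magma's own API.

```ruby
# Added illustration, not magma's code. Names (Model, Query,
# RestrictedAttributeError, user_restricted:) are assumptions.

class RestrictedAttributeError < StandardError; end

# Toy model declaration mirroring the two ways the PR restricts data:
#   restricted                         -> row-level censorship (records)
#   attribute :x, restricted: true     -> column-level censorship (attributes)
class Model
  attr_reader :attributes, :restricted_attributes

  def initialize
    @attributes = []
    @restricted_attributes = []
    @row_restricted = false
  end

  # Adds the boolean 'restricted' attribute; records with restricted == true
  # become invisible to restricted users.
  def restricted
    @row_restricted = true
    @attributes << :restricted
  end

  # Declares an attribute; a restricted attribute is hidden from restricted
  # users on every record, regardless of the record's own 'restricted' flag.
  def attribute(name, restricted: false)
    @attributes << name
    @restricted_attributes << name if restricted
  end

  def row_restricted?
    @row_restricted
  end
end

# Query/revision over in-memory records. user_restricted: true models a user
# WITHOUT the janus 'restricted' permission (i.e. one who cannot see
# restricted data). Rows are filtered; restricted columns raise.
class Query
  def initialize(model, records)
    @model = model
    @records = records
  end

  def retrieve(requested, user_restricted:)
    unknown = requested - @model.attributes
    raise ArgumentError, "unknown attribute(s): #{unknown.join(', ')}" unless unknown.empty?

    if user_restricted
      blocked = requested & @model.restricted_attributes
      raise RestrictedAttributeError, "cannot retrieve restricted attribute(s): #{blocked.join(', ')}" unless blocked.empty?
    end

    visible = @records
    visible = visible.reject { |r| r[:restricted] } if user_restricted && @model.row_restricted?

    visible.map { |r| requested.to_h { |a| [a, r[a]] } }
  end

  # A restricted user may neither modify a restricted record nor write to a
  # restricted attribute. Returns the updated record (non-mutating here).
  def revise(record_name, changes, user_restricted:)
    record = @records.find { |r| r[:name] == record_name }
    raise ArgumentError, "no record #{record_name}" unless record

    if user_restricted
      blocked = changes.keys & @model.restricted_attributes
      raise RestrictedAttributeError, "cannot modify restricted attribute(s): #{blocked.join(', ')}" unless blocked.empty?
      raise RestrictedAttributeError, "record #{record_name} is restricted" if @model.row_restricted? && record[:restricted]
    end

    record.merge(changes)
  end
end

# Constructed sample model and records (not real project data).
SAMPLE = Model.new.tap do |m|
  m.restricted
  m.attribute :name
  m.attribute :tissue
  m.attribute :patient_id, restricted: true
end

RECORDS = [
  { name: 'S1', tissue: 'blood', patient_id: 'P-001', restricted: false },
  { name: 'S2', tissue: 'tumor', patient_id: 'P-002', restricted: true },
  { name: 'S3', tissue: 'blood', patient_id: 'P-003', restricted: false }
].freeze

def query_samples(requested, user_restricted:)
  Query.new(SAMPLE, RECORDS).retrieve(requested, user_restricted: user_restricted)
end

def revise_sample(record_name, changes, user_restricted:)
  Query.new(SAMPLE, RECORDS).revise(record_name, changes, user_restricted: user_restricted)
end

if __FILE__ == $0
  p query_samples([:name, :tissue], user_restricted: true)       # S1 and S3 only: S2 row is censored
  p query_samples([:name, :patient_id], user_restricted: false)  # all three rows, column visible
  begin
    query_samples([:name, :patient_id], user_restricted: true)
  rescue RestrictedAttributeError => e
    puts "refused: #{e.message}"                                 # column censorship raises
  end
end
```

Running it shows the table analogy from the description directly: a restricted user querying `[:name, :tissue]` gets the two unrestricted rows, the same user asking for `:patient_id` is refused outright, and an unrestricted user sees everything. The `:restricted` attribute itself stays queryable by anyone, as the PR states, but a restricted user only ever sees rows where it is false.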