Retrieving a dataset list from the database should return datasets the current user created.

ntua-unit-of-control-and-informatics / jaqpot-api-archived

JAQPOT Quattro is the 4th version of a YAQP, a RESTful web service which can be used to train machine learning models and use them to obtain toxicological predictions for given chemical compounds or engineered nano materials. The project is written in Java8 and JEE7.

Other

8 stars 4 forks source link

Retrieving a dataset list from the database should return datasets the current user created. #30

Closed hampos closed 8 years ago

hampos commented 9 years ago

A creator field should be placed in the meta of each dataset. The findAll query for datasets should return only datasets the requester has created and not everything in the database.

alphaville commented 9 years ago

True, but why not do it as in the case of Models and Algorithms. We can have a field called createdBy.

hampos commented 9 years ago

I don't see any implementation for the createdBy field. I believe it's ignored by the resource. Maybe an abstract implementation on AbstractHandler that finds entities of the same type belonging to a specific user should be made?

hampos commented 9 years ago

Whatever the case, getting all models, datasets, algorithms should be prohibited. A user should not be able to even get the URIs of the resources that they don't have permission to access. We should think about how we could handle this issue. Getting a huge list of models only to find out that hey can only access a few would be frustrating for a user.