openmeteo / enhydris

A database with a web interface for the storage and management of hydro/meteorological measurements and time series
GNU Affero General Public License v3.0

Improve the access control system #487

Closed aptiko closed 1 year ago

aptiko commented 1 year ago

Right now, the system can be configured so that, depending on the setting ENHYDRIS_OPEN_CONTENT, anonymous users (i.e. not logged on) either can download all time series data or cannot download/view any time series data at all (they can always see the range of each time series, but not download the data nor view the chart). Logged-on users can always view/download all time series.

These are the improvements we will make:

A good place to start for this issue is to read the file enhydris/rules.py.

Feel free to break this issue into more issues if you think that's useful.

aptiko commented 1 year ago

I'm going to explain more about what we're trying to achieve.

It's important to understand the difference between a time series group and a time series. The "temperature" at a station is normally a time series group. The time series group can have several time series, such as (1) the raw data measured by the sensor, which measures, say, every 10 minutes, (2) the checked data, where, say, values higher than 70 and lower than -50 have been removed, (3) the hourly temperature, where the 10-minute values have been averaged, (4) the daily temperature, and so on.

Sometimes organizations want to allow people to view everything except the raw data, because they are afraid of the bad impressions that might be caused by wrong data. Particularly in the case of water quality data, they might not want to allow public access to data that has not yet been reviewed by a human (they wouldn't want a newspaper to run a story that the water at an area has a lethal concentration of a dangerous substance, when in fact it might be a sensor error).

In other cases, organizations might want to freely provide e.g. daily data, but if you wanted 10-minute data you'd need to pay for them or require special permission.

So these permissions must apply to the time series, not to the time series groups. This is actually too much granularity and users (station owners and maintainers) may have a hard time specifying these permissions and eventually the UI may need to offer some facilities such as specifying permissions for many time series groups (or stations) at the same time, or maybe define "policies" which may then be applicable to stations, but we want to go carefully and step-by-step and YAGNI about this, while of course keeping in mind the bigger picture.

So if you can think of something better than what I specified in the description of this issue, it's definitely to be considered.

eyobofficial commented 1 year ago

> Sometimes organizations want to allow people to view everything except the raw data, because they are afraid of the bad impressions that might be caused by wrong data.

So these allowed people are not the maintainers of the station. They are other additional users not on the maintainers' list but should be authorized to access the timeseries data, right?

aptiko commented 1 year ago

Yes, that's right. A "maintainer" is essentially an administrator; he has the right to alter the station. The "owner" has the additional right to decide who is a maintainer.
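The per-time-series model discussed in this thread, sketched as an added example (not code from enhydris or from any commenter). The `Access` levels, the `granted` set and all names are assumptions; the decision is made on each time series, with deny-by-default for anything not explicitly opened.

```python
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):  # hypothetical levels; the names are assumptions
    PUBLIC = 1         # anyone, including anonymous users
    AUTHENTICATED = 2  # any logged-on user
    RESTRICTED = 3     # owner, maintainers and explicitly granted users


@dataclass
class Station:
    owner: str
    maintainers: set = field(default_factory=set)


@dataclass
class Timeseries:
    station: Station
    kind: str  # "raw", "checked", "hourly", "daily", ...
    access: Access = Access.RESTRICTED  # deny by default
    granted: set = field(default_factory=set)  # extra users, not maintainers


def can_download(username, ts):
    """Decide on the time series itself, never on its group.

    username is None for an anonymous (not logged-on) visitor.
    """
    if ts.access is Access.PUBLIC:
        return True
    if username is None:
        return False  # anonymous users only ever get public series
    if ts.access is Access.AUTHENTICATED:
        return True
    privileged = {ts.station.owner} | ts.station.maintainers | ts.granted
    return username in privileged


def downloadable_kinds(username, group):
    """List the time series of one group that this user may download."""
    return [ts.kind for ts in group if can_download(username, ts)]


# Constructed sample: one "temperature" group at a station owned by alice.
STATION = Station(owner="alice", maintainers={"bob"})
GROUP = [
    Timeseries(STATION, "raw", granted={"carol"}),
    Timeseries(STATION, "hourly", Access.AUTHENTICATED),
    Timeseries(STATION, "daily", Access.PUBLIC),
]
```
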