samvera / hyrax

Hyrax is a Ruby on Rails Engine built by the Samvera community. Hyrax provides a foundation for creating many different digital repository applications.
http://hyrax.samvera.org/
Apache License 2.0

Support File-level access control #1621

Open mcritchlow opened 6 years ago

mcritchlow commented 6 years ago

Descriptive summary

On the 08-09-2017 tech call the issue was discussed more and it was agreed that we (UCSD) would write up a ticket in Hyrax.

After spending a little time looking at the Hyrax codebase, it is not clear to us what the best path forward would be. It looks like several parts of the code would need to be updated/taught to look at File ACLs instead of always assuming all files in a Fileset have the same ACL. Then of course there are the design considerations for how to present this option properly to users in a reasonably intuitive way.

We've created a local PR which adds some initial support for this, as well as support for other File(set) use cases we have such as preservation source files.

We had intended to create this ticket with a proposed solution, but since we do not have one we are curious if there are any folks within the community willing to work with us on a solution. @lsitu has been involved in our local work on this, and can answer further tech questions on our end.

Rationale

At UC San Diego we have a few use cases that require us to make a distinction between access control on a source file (original file) and derivatives. Most of these are related to traditional digitized library collections where there is a donor or content provider agreement that the source files cannot be made publicly available for view/download. PCDM itself supports this level of ACL granularity, but Hyrax does not.

Our discussion started with a post on Samvera Tech. Essentially the core use case is as follows:

  1. upload a source file (tiff, wav, etc.)
  2. mark that object with the visibility of "public"
  3. mark the source file with visibility of "private" (does not exist)

Expected behavior

  1. Public/end users CANNOT download the source file, but they can for any derivatives.
  2. Curators/admins CAN download the source file including any derivatives

Actual behavior

  1. Public/end users CAN download the source file including any derivatives
  2. Curators/admins CAN download the source file including any derivatives

Related work

mjgiarlo commented 6 years ago

Thx for writing this up and taking this on, @mcritchlow @lsitu

rjkati commented 3 years ago

Hyrax 3.0.2 does not support granular file-level access controls as described in the ticket. Is this desired, @jlhardes?

jlhardes commented 3 years ago

This is related to more recent conversations around permissions that are documented in #4990 (Use only ACL to manage authorization for Works and Collections). If the suggested changes from that issue can work for this file level case, I think it would be useful to offer file-level access controls. If UCSD's changes are using the ACL to define this file-level access, this might be work to consider incorporating.