ODH Permission handling - noi-techpark/documentation GitHub Wiki



THIS PAGE IS DEPRECATED: SEE FLIGHT RULES INSTEAD.



This page explains how to add users and roles, and how to define which data is exposed as open data and which stays closed.

Please note: Only API methods regarding measurements are restricted. Methods regarding stations and types are considered open-data due to their meta-data character, i.e., get-station, get-station-details, or get-data-types always expose all data.

Make things open data!

   INSERT INTO bdprules(role_id, station_id, type_id, period) VALUES (
      (SELECT id FROM bdprole WHERE name = 'GUEST'),
      (SELECT id FROM station WHERE stationcode = 'station xyz'), 
      null, 
      null
   );

... or a more complex example, which makes atmospheric pressure measurements of all meteorological stations open-data...

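   -- stationtype matches many stations, and a scalar subquery inside VALUES
   -- may return only one row, so insert one rule per matching station.
   INSERT INTO bdprules(role_id, station_id, type_id, period)
   SELECT
      (SELECT id FROM bdprole WHERE name = 'GUEST'),
      s.id,
      (SELECT id FROM type WHERE cname = 'atmospheric-pressure'),
      null
   FROM station s
   WHERE s.stationtype = 'Meteostation';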

GUEST contains all open-data sources. Any rule you add for that role opens the matching data to everyone, with no authentication through tokens or username/password.

How to add a new user?

INSERT INTO bdpuser(email, password) VALUES ('[email protected]', 'top-S3CR3T');

How to disable an existing user?

UPDATE bdpuser SET enabled = false WHERE email = '[email protected]';

How to add a new role?

INSERT INTO bdprole(name) VALUES ('Role A');
INSERT INTO bdprole(name, parent_id)
    VALUES ('Role B', (SELECT id FROM bdprole WHERE name = 'GUEST'));

Make sure that you define at least GUEST as the parent (GUEST is always present and allows access to all open-data sources); ADMIN is another default role, but it sees all data.

Role A cannot see anything at the moment, whereas Role B inherits everything from GUEST.

How to combine a role with users?

INSERT INTO bdpusers_bdproles(user_id, role_id) VALUES (
    (SELECT id FROM bdpuser WHERE email = '[email protected]'),
    (SELECT id FROM bdprole WHERE name = 'Role A')
);    

...or, if you know primary keys...

INSERT INTO bdpusers_bdproles(user_id, role_id) VALUES (2, 3);

How to define filter rules for a certain role?

   INSERT INTO bdprules(role_id, station_id, type_id, period) VALUES (
      (SELECT id FROM bdprole WHERE name = 'Role A'),
      (SELECT id FROM station WHERE stationcode = 'station xyz'), 
      null, 
      null
   );

This means Role A can see any (type, period) combination for station xyz.

Rule information:

  • If you define new filter rules for parents, all children automatically inherit them.
  • (station, type, period) is a hierarchical triple, that is, if you open station to all (= NULL), type and period are no longer considered.
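
The two rules above, worked through as an added example (not ODH code, and not the definition of the bdppermissions view): it rebuilds only the tables and columns named on this page in an in-memory SQLite database and checks whether a role can read a (station, type, period) triple through its own rules or those of its parents. All ids, the integer period and the matching query are assumptions drawn from the rule information above.

```python
import sqlite3

# Constructed minimal schema: only the columns this wiki page names.
SCHEMA = """
CREATE TABLE bdprole (id INTEGER PRIMARY KEY, name TEXT UNIQUE, parent_id INTEGER);
CREATE TABLE bdprules(role_id INTEGER, station_id INTEGER, type_id INTEGER, period INTEGER);
INSERT INTO bdprole VALUES (1,'GUEST',NULL), (2,'Role A',NULL), (3,'Role B',1);
-- GUEST: station 10, type 7, any period.  Role B: everything for station 20.
INSERT INTO bdprules VALUES (1,10,7,NULL), (3,20,NULL,NULL);
"""

# Walk from the role up through parent_id, then apply the hierarchical
# (station, type, period) match: a NULL at one level opens all levels below it.
CHECK = """
WITH RECURSIVE chain(id, parent_id) AS (
    SELECT id, parent_id FROM bdprole WHERE name = :role
    UNION
    SELECT r.id, r.parent_id FROM bdprole r JOIN chain c ON r.id = c.parent_id
)
SELECT COUNT(*) FROM bdprules
WHERE role_id IN (SELECT id FROM chain)
  AND (station_id IS NULL
       OR (station_id = :station
           AND (type_id IS NULL
                OR (type_id = :type
                    AND (period IS NULL OR period = :period)))))
"""

def open_db():
    """Create the in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def can_read(conn, role, station, type_id, period):
    """True if `role`, or any ancestor role, has a rule covering the triple."""
    args = {"role": role, "station": station, "type": type_id, "period": period}
    return conn.execute(CHECK, args).fetchone()[0] > 0

if __name__ == "__main__":
    conn = open_db()
    for role in ("GUEST", "Role A", "Role B"):
        for triple in ((10, 7, 600), (10, 8, 600), (20, 8, 600)):
            print(role, triple, can_read(conn, role, *triple))
```

Checking the triple against GUEST answers whether a measurement is readable without authentication, which is worth doing before and after every change to bdprules.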

How to debug my rules?

SELECT * FROM bdppermissions;

This query shows the permissions view, which is a flattened representation of all rules.