ODH Permission handling - noi-techpark/documentation GitHub Wiki
THIS PAGE IS DEPRECATED: SEE FLIGHT RULES INSTEAD.
This page explains how to add users and roles, and how to define which data is open data and which is closed.
Please note: Only API methods regarding measurements are restricted. Methods regarding stations and types are considered open data due to their metadata character, i.e., get-station, get-station-details, or get-data-types always expose all data.
Make things open data!
INSERT INTO bdprules(role_id, station_id, type_id, period) VALUES (
(SELECT id FROM bdprole WHERE name = 'GUEST'),
(SELECT id FROM station WHERE stationcode = 'station xyz'),
null,
null
);
... or a more complex example, which makes atmospheric pressure measurements of all meteorological stations open-data...
-- One rule row per matching station. A scalar subquery inside VALUES fails
-- as soon as more than one station has stationtype = 'Meteostation'.
INSERT INTO bdprules(role_id, station_id, type_id, period)
SELECT r.id, s.id, t.id, null
FROM bdprole r, station s, type t
WHERE r.name = 'GUEST'
  AND s.stationtype = 'Meteostation'
  AND t.cname = 'atmospheric-pressure';
GUEST contains all open-data sources. Add rules for that role and the matching data becomes readable without authentication through tokens or username/password.
How to add a new user?
INSERT INTO bdpuser(email, password) VALUES ('[email protected]', 'top-S3CR3T');
How to disable an existing user?
UPDATE bdpuser SET enabled = false WHERE email = '[email protected]';
How to add a new role?
INSERT INTO bdprole(name) VALUES ('Role A');
INSERT INTO bdprole(name, parent_id)
VALUES ('Role B', (select id from bdprole where name = 'GUEST'));
Make sure that you define at least GUEST as parent (it is always present and allows access to all open data sources); ADMIN is another default, but it sees all data.
Role A cannot see anything at the moment, whereas Role B inherits everything from GUEST.
How to combine a role with users?
INSERT INTO bdpusers_bdproles(user_id, role_id) VALUES (
(SELECT id FROM bdpuser WHERE email = '[email protected]'),
(SELECT id FROM bdprole WHERE name = 'Role A')
);
...or, if you know primary keys...
INSERT INTO bdpusers_bdproles(user_id, role_id) VALUES (2, 3);
How to define filter rules for a certain role?
INSERT INTO bdprules(role_id, station_id, type_id, period) VALUES (
(SELECT id FROM bdprole WHERE name = 'Role A'),
(SELECT id FROM station WHERE stationcode = 'station xyz'),
null,
null
);
This means Role A can see any (type, period) combination for station xyz.
Rule information:
- If you define new filter rules for parents, all children automatically inherit them.
- (station, type, period) is a hierarchical triple, that is, if you open station to all (= NULL), type and period are no longer considered.
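The inheritance and hierarchical-triple rules above, worked through as an added example (not ODH code and not the definition of the bdppermissions view). It uses an in-memory SQLite stand-in with only the columns named on this page; the numeric ids, the integer period values, Role C and the helper names are constructed, and it assumes inheritance follows parent_id transitively.

```python
import sqlite3

# Constructed schema and rows: only the columns the page names; ids are made up.
SCHEMA = """
CREATE TABLE bdprole (id INTEGER PRIMARY KEY, name TEXT, parent_id INTEGER);
CREATE TABLE bdprules (role_id INTEGER, station_id INTEGER,
                       type_id INTEGER, period INTEGER);
INSERT INTO bdprole VALUES (1,'GUEST',NULL), (2,'Role A',NULL),
                           (3,'Role B',1), (4,'Role C',3);
-- GUEST: station 10, everything. Role B: station 20, type 7.
-- Role C: station 30, type 7, period 600 only.
INSERT INTO bdprules VALUES (1,10,NULL,NULL), (3,20,7,NULL), (4,30,7,600);
"""

# Walk parent_id upwards so a role also receives its ancestors' rules.
# UNION (not UNION ALL) drops repeated rows, so a parent cycle terminates.
EFFECTIVE = """
WITH RECURSIVE lineage(id, parent_id) AS (
    SELECT id, parent_id FROM bdprole WHERE name = ?
    UNION
    SELECT p.id, p.parent_id FROM bdprole p JOIN lineage l ON p.id = l.parent_id
)
SELECT r.station_id, r.type_id, r.period
FROM bdprules r JOIN lineage l ON r.role_id = l.id
"""

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def effective_rules(conn, role):
    return conn.execute(EFFECTIVE, (role,)).fetchall()

def can_see(conn, role, station, type_id, period):
    """Apply the triple left to right: a NULL level opens everything below it."""
    for s, t, p in effective_rules(conn, role):
        if s is None:
            return True            # all stations: type and period ignored
        if s != station:
            continue
        if t is None:
            return True            # whole station: period ignored
        if t == type_id and (p is None or p == period):
            return True
    return False

if __name__ == "__main__":
    db = demo_db()
    print(can_see(db, "Role B", 10, 1, 1), can_see(db, "Role A", 10, 1, 1))
```

Any rule attached to GUEST shows up in the effective rules of every descendant role and is readable without authentication, so review GUEST rules with NULL columns first.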
How to debug my rules?
SELECT * FROM bdppermissions;
This query shows you the permissions view, which is a flattened representation of all rules.