-
Notifications
You must be signed in to change notification settings - Fork 21
Dataset visualization limit by center
In the current usage of Shanoir, some users are "importer" in a study for a given center. That role allows them to import data for the study in a given center, but they should not be able to have access to the datasets of others center. We decided to define a new security encapsulation for study.
For every study user, define a list of centers that he has access to.
Define an interface in the study configuration, where, for every user, you can choose between:
- All centers (no need to update it in case a new center is added to the study)
- A list of centers of the study (needs to be updated)
- By default, a new user has access to all centers.
This list will be set in StudyUser Object. (and duplicated in the adapted microservices.) When testing if a user has access to such dataset / acquisition / examination, test if the corresponding center is in the StudyUser list.
Important points:
Nothing has to change for a study that don't want to implement this
Technical points:
A list of centers is hold by StudyUser entity. As StudyUser is duplicated over the different micro-services, the logic stays the same. By default, this list will be empty. an empty list means "all centers". -> This means no SQL update and a default to "all centers". Subject filtering seems quite complicated as the relation with data is kept in examination entity. (So we need to check the associated centers using the list of associated examinations) -> According to Marion Richard from the CHUGA, it is OK if these users can see others centers's subjects, but have no access to their data.
Filtering needs to be done (and associated paths of codes): Import
- Select study cards (only associated centers)
- Select center for the import (CT, EEG, etc..)
- Select examination (if not on the adapted center, don't propose the examination)
- Select subject for processed dataset
- Study detail
- Study tree
- List of study cards (only the one for the center(s))
- Bids Tree
List of entities:
- List of examinations
- List of dataset acquisitions
- List of datasets
- Solr search
- List of preclinical examinations