From 978d13a7564de1282ee6ab04a734083fa6d52f9e Mon Sep 17 00:00:00 2001 From: pieterlukasse Date: Fri, 10 May 2024 15:20:34 +0200 Subject: [PATCH 1/4] wip: try the new permission management settings ...for the "global cohorts" feature --- kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml b/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml index e2d712533..2bd2a47c3 100644 --- a/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml +++ b/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml @@ -17,6 +17,15 @@ data: "ajax": false, "icon": "fa fa-openid" }]; + // This tells Atlas to show the 'lock' icon to the user when + // viewing concept sets, cohort definitions, and other + // artifacts so that the can edit READ and WRITE + // permissions. By default, this is set to true + configLocal.enablePermissionManagement = true; // Default is false + // If the enablePermissionManagement is set to true, you can specify + // an ID for specific role to use for concept set and cohort definition permission + // management. Leave blank if all users should have that ability + configLocal.permissionManagementRoleId = '1020'; // Default is '' - all users can share configLocal.cohortComparisonResultsEnabled = false; configLocal.userAuthenticationEnabled = true; configLocal.plpResultsEnabled = false; From 12fc87653abf249560d82a4090b3a132e03c2c6a Mon Sep 17 00:00:00 2001 From: pieterlukasse Date: Wed, 15 May 2024 21:05:08 +0200 Subject: [PATCH 2/4] feat: use new limitedPermissionManagement instead of permissionManagementRoleId --- kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml b/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml index 2bd2a47c3..078d746c0 100644 --- a/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml +++ b/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml @@ -23,9 +23,9 @@ data: // permissions. By default, this is set to true configLocal.enablePermissionManagement = true; // Default is false // If the enablePermissionManagement is set to true, you can specify - // an ID for specific role to use for concept set and cohort definition permission - // management. Leave blank if all users should have that ability - configLocal.permissionManagementRoleId = '1020'; // Default is '' - all users can share + // if this capability should be limited to only users that have a + // specific permission for this. Leave false if all users should have that ability. + configLocal.limitedPermissionManagement = true; // Default is false all users can share configLocal.cohortComparisonResultsEnabled = false; configLocal.userAuthenticationEnabled = true; configLocal.plpResultsEnabled = false; From e59f8cf59c8ea0d24308f03f2575bb4f08b9f79d Mon Sep 17 00:00:00 2001 From: pieterlukasse Date: Fri, 17 May 2024 15:09:55 +0200 Subject: [PATCH 3/4] feat: add new setting for cohort-middleware so it can start listing globally shared cohorts --- gen3/bin/kube-setup-cohort-middleware.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/gen3/bin/kube-setup-cohort-middleware.sh b/gen3/bin/kube-setup-cohort-middleware.sh index a6a024578..c90ca348b 100644 --- a/gen3/bin/kube-setup-cohort-middleware.sh +++ b/gen3/bin/kube-setup-cohort-middleware.sh @@ -34,6 +34,7 @@ setup_secrets() { cat - > "$credsFile" < Date: Fri, 24 May 2024 16:04:38 +0200 Subject: [PATCH 4/4] fix: improved/fixed comments --- kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml b/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml index 078d746c0..6b724eb2d 100644 --- a/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml +++ b/kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml @@ -19,13 +19,13 @@ data: }]; // This tells Atlas to show the 'lock' icon to the user when // viewing concept sets, cohort definitions, and other - // artifacts so that the can edit READ and WRITE + // artifacts so that they can edit READ and WRITE // permissions. By default, this is set to true - configLocal.enablePermissionManagement = true; // Default is false + configLocal.enablePermissionManagement = true; // Default is true // If the enablePermissionManagement is set to true, you can specify // if this capability should be limited to only users that have a // specific permission for this. Leave false if all users should have that ability. - configLocal.limitedPermissionManagement = true; // Default is false all users can share + configLocal.limitedPermissionManagement = true; // Default is false all users can share. If true, only users with the permission "artifact:global:share:put" get the ability to share artifacts. configLocal.cohortComparisonResultsEnabled = false; configLocal.userAuthenticationEnabled = true; configLocal.plpResultsEnabled = false;