-
Notifications
You must be signed in to change notification settings - Fork 16
Permissions
The 3DR allows content submitters to manage the ability of other users to access that content. The system is based on the idea that users can be given one of 5 levels of access to a model, and the system will enforce different restrictions based on the permission level a given user has been assigned to a given model.
The system provides 5 permission levels, each one encompassing the rights of the previous ones. In order of permissiveness, they are:
- Invisible - The user cannot see or find the model, it does not appear in searches and cannot be accessed.
- Searchable - The model appears in search results. The user is able to see metadata, thumbnails and logos.
- Fetchable - The user can download the model, and user the real time 3D view on the details page.
- Editable - The user can overwrite with a new model, change metadata values and replace logos.
- Admin - The user can delete the model and edit permissions. May have other uses in the future.
For convenience, users may create lists of other users, and assign all users on that list the same permission to a model. Where a conflict exist, such as a user being a member of two groups with different access levels to a given model, the user always gets the maximum permission afforded by any of the permission settings. Group creators can mark a group as "UsersAdd", which will allow members of a group to add permissions to one of the members models to the group, even though the member may not be the group creator. This features allows you to create a community of people who all share models among themselves, while keeping the general public out. When editing permissions for a model, the user will see a list of groups that he has created, the default groups, and a list of groups that he or she may add models to. There is also a space to add a specific permission for a single user name.
The system comes pre-installed with 2 default groups that cannot be removed or edited. These are 'AllUsers', and 'AnonymousUsers'. All users with an account on the 3DR installation are members of the AllUsers group, and anyone who does not have an account is a member of 'AnonymousUsers'. Site users are also understood to be included in the AnonymousUsers group. Therefore, because the system grants the highest possible permission, anyone in the AllUsers group will get which ever level is higher, AllUsers or AnonymousUsers, for a given model.
To make a model available for download to anyone, anywhere: Set the level to AnonymousUsers to 'Fetchable'. In the current GUI, the 'Fetchable' level is described as "can view/download the model". This overrides any other lower permissions, so anyone can download the model.
To make a model invisible to anyone except a specific person, set "AnonymousUsers" and "AllUsers" to 'Invisible', which in the GUI is described as "cannot see the model". The, add a 'Searchable' permission to the username of the specific individual you wish to share with. 'Searchable' is described in the GUI as "can view the objects metadata."
To make a community of people who can all share models amoung themselves: Create a group of users. Set that group as "UsersAdd". Add all the users you wish to share with to the group. Upload a model, and set the permission for that group as 'Fetchable'. Other members of that group will see it when they upload a model, and may choose to set their model as 'Fetchable' for that group as well. Set 'AnonymousUsers' and 'AllUsers' to 'Invisible' to make this model completely private.
When you first upload a model, the system sets the permissions for "AnonymousUsers" to "Queryable" and "AllUsers" to "Fetchable". Please remember that without action on your part, anyone with an account can download the model.
The site administrator has 'Admin' permissions to all models on the site. The site Admin can delete, update, change or overwrite any model they wish.
Currently, the Federation accesses the member sites as "AnonymousUser". Search results and download requests work through the federation exactly as they would for a site visitor who has not logged in. When requesting a download, if the AnonymousUser account does not have download permission, the user will be prompted for a name and password by the remove member site. The Federation accesses the member sites over the API, which uses HTTP Basic Authentication. Other uses of the API will also require the HTTP Basic Auth protocol to be followed.