From 32125041580fc954b47d7eb562800faf7cb19605 Mon Sep 17 00:00:00 2001
From: Max Novelli <max.novelli@ess.eu>
Date: Tue, 31 Oct 2023 13:09:10 +0100
Subject: [PATCH] reviewed authorization and fixed minor bugs

---
 Development/v4.x/backend/authorization.md     |  1 +
 .../authorization/authorization_datasets.md   | 47 +++++++++++--------
 .../authorization_origdatablocks.md           | 28 ++++++-----
 3 files changed, 45 insertions(+), 31 deletions(-)

diff --git a/Development/v4.x/backend/authorization.md b/Development/v4.x/backend/authorization.md
index ff3b1dcb..d7095315 100644
--- a/Development/v4.x/backend/authorization.md
+++ b/Development/v4.x/backend/authorization.md
@@ -63,6 +63,7 @@ The permissions in the vanilla installation provides a set of user groups which
 ## Subsystems
 - [Datasets](authorization/authorization_datasets.md)
 - [OrigDatablocks](authorization/authorization_origdatablocks.md)
+- [Jobs](authorization/authorization_jobs.md)
 - [Users](authorization/authorization_users.md)
 
 ___N.B.___: we know that many subsystems are still missing. We are working on reviewing the authorization model for each one of them and producing the relative documentation. We welcome any contribution.
diff --git a/Development/v4.x/backend/authorization/authorization_datasets.md b/Development/v4.x/backend/authorization/authorization_datasets.md
index 3e27f2b0..08786d97 100644
--- a/Development/v4.x/backend/authorization/authorization_datasets.md
+++ b/Development/v4.x/backend/authorization/authorization_datasets.md
@@ -23,9 +23,12 @@ This is the list of the permissions methods available for datasets and all their
 - DatasetCreateOwnerNoPid
 - DatasetCreateOwnerWithPid
 - DatasetCreateAny
-- DatasetReadPublic
-- DatasetReadAccess
-- DatasetReadOwner
+- DatasetReadManyPublic
+- DatasetReadManyAccess
+- DatasetReadManyOwner
+- DatasetReadOnePublic
+- DatasetReadOneAccess
+- DatasetReadOneOwner
 - DatasetReadAny
 - DatasetUpdateOwner
 - DatasetUpdateAny
@@ -60,7 +63,7 @@ This is the list of the permissions methods available for datasets and all their
 - DatasetDatablockUpdateAny
 - DatasetDatablockDeleteOwner
 - DatasetDatablockDeleteAny
-- DatasetLogbookReadOwn
+- DatasetLogbookReadOwner
 - DatasetLogbookReadAny
 
 ### Priority
@@ -70,10 +73,14 @@ graph LR;
     DatasetCreate-->DatasetCreateOwnerNoPid;
     DatasetCreateOwnerNoPid-->DatasetCreateOwnerWithPid;
     DatasetCreateOwnerWithPid-->DatasetCreateAny;
-    DatasetRead-->DatasetReadPublic;
-    DatasetReadPublic-->DatasetReadAccess;
-    DatasetReadAccess-->DatasetReadOwner;
-    DatasetReadOwner-->DatasetReadAny;
+    DatasetRead-->DatasetReadManyPublic;
+    DatasetReadManyPublic-->DatasetReadManyAccess;
+    DatasetReadManyAccess-->DatasetReadManyOwner;
+    DatasetReadManyOwner-->DatasetReadAny;
+    DatasetRead-->DatasetReadOnePublic;
+    DatasetReadOnePublic-->DatasetReadOneAccess;
+    DatasetReadOneAccess-->DatasetReadOneOwner;
+    DatasetReadOneOwner-->DatasetReadAny;
     DatasetUpdate-->DatasetUpdateOwner;
     DatasetUpdateOwner-->DatasetUpdateAny;
     DatasetDelete-->DatasetDeleteOwner;
@@ -86,12 +93,12 @@ graph LR;
 | POST | Datasets | _DatasetCreate_ | __no__ | __no__ | Owner, w/o PID<br/>_DatasetCreateOwnerNoPid_ | Owner, w/ PID<br/>_DatasetCreateOwnerWithPid_ | Any<br/>_DatasetCreateAny_ | Any<br/>_DatasetCreateAny_ | __no__ | 
 | POST | Datasets/isValid | _DatasetCreate_ | __no__ | __no__ | Owner, w/o PID<br/>_DatasetCreateOwnerNoPid_ | Owner, W/ PID<br/>_DatasetCreateOwnerWithPid_ | Any<br/>_DatasetCreateAny_ | Any<br/>_DatasetCreateAny_ | __no__ | 
 | GET | Datasets | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadyAny_ | __no__ | 
-| GET | Datasets/fullquery | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
-| GET | Datasets/fullfacet | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
-| GET | Datasets/metadataKeys | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
-| GET | Datasets/findOne | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
-| GET | Datasets/count | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
-| GET | Datasets/_pid_ | _DatasetRead_ | Public<br/>_DatasetReadPublic_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Has Access<br/>_DatasetReadAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
+| GET | Datasets/fullquery | _DatasetRead_ | Public<br/>_DatasetReadManyPublic_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
+| GET | Datasets/fullfacet | _DatasetRead_ | Public<br/>_DatasetReadManyPublic_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
+| GET | Datasets/metadataKeys | _DatasetRead_ | Public<br/>_DatasetReadManyPublic_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
+| GET | Datasets/count | _DatasetRead_ | Public<br/>_DatasetReadManyPublic_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Has Access<br/>_DatasetReadManyAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
+| GET | Datasets/findOne | _DatasetRead_ | Public<br/>_DatasetReadOnePublic_ | Has Access<br/>_DatasetReadOneAccess_ | Has Access<br/>_DatasetReadOneAccess_ | Has Access<br/>_DatasetReadOneAccess_ | Has Access<br/>_DatasetReadOneAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
+| GET | Datasets/_pid_ | _DatasetRead_ | Public<br/>_DatasetReadOnePublic_ | Has Access<br/>_DatasetReadOneAccess_ | Has Access<br/>_DatasetReadOneAccess_ | Has Access<br/>_DatasetReadOneAccess_ | Has Access<br/>_DatasetReadOneAccess_ | Any<br/>_DatasetReadAny_ | __no__ | 
 | PATCH | Datasets/_pid_ | _DatasetUpdate_ | __no__ | __no__ | Owner<br/>_DatasetUpdateOwner_ | Owner<br/>_DatasetUpdateOwner_ | Owner<br/>_DatasetUpdateOwner_ | Any<br/>_DatasetUpdateAny_ | __no__ | 
 | PUT | Datasets/_pid_ |  _DatasetUpdate_ |__no__ | __no__ | Owner<br/>_DatasetUpdateOwner_ | Owner<br/>_DatasetUpdateOwner_ | Owner<br/>_DatasetUpdateOwner_ | Any<br/>_DatasetUpdateAny_ | __no__ | 
 | POST | Datasets/_pid_/appendToArrayField |  _DatasetUpdate_ |__no__ | __no__ | Owner<br/>_DatasetUpdateOwner_ |  Owner<br/>_DatasetUpdateOwner_ | Owner<br/>_DatasetUpdateOwner_ | Any<br/>_DatasetUpdateAny_ | __no__ | 
@@ -108,13 +115,13 @@ graph LR;
 | POST | Datasets/_pid_/origdatablocks | _DatasetOrigdatablocksCreate_ | __no__ | __no__ | Owner<br/>_DatasetOrigdatablockCreateOwner_ | Owner<br/>_DatasetOrigdatablockCreateOwner_ | Any<br/>_DatasetOrigdatablockCreateAny_ | Any<br/>_DatasetOrigdatablockCreateAny_ | __no__ | 
 | POST | Datasets/_pid_/origdatablocks/isValid | _DatasetOrigdatablocksCreate_ |  __no__ | __no__ | Owner<br/>_DatasetOrigdatablockCreateOwner_ | Owner<br/>_DatasetOrigdatablockCreateOwner_ | Any<br/>_DatasetOrigdatablockCreateAny_ | Any<br/>_DatasetOrigdatablockCreateAny_ | __no__ | 
 | GET | Datasets/_pid_/origdatablocks | _DatasetOrigdatablocksRead_ | Public<br/>_DatasetOrigdatablockReadPublic_ | Has Access<br/>_DatasetOrigdatablockReadOAccess_ | Has Access<br/>_DatasetOrigdatablockReadAccess_ | Has Access<br/>_DatasetOrigdatablockReadAccess_ | Has Access<br/>_DatasetOrigdatablockReadAccess_ | Any<br/>_DatasetOrigdatablockReadAny_ | __no__ | 
-| PATCH | Datasets/_pid_/origdatablocks/_oid_ | _DatasetOrigdatablocksUpdate_ | __no__ | __no__ | Owner<br/>_DatasetOrigdatablockUpdateOwner_ | Owner<br/>_DatasetOrigdatablockUpdateOwner_ | Owner<br/>_DatasetOrigdatablockUpdateOwner_ | Any<br/>_DatasetOrigdatablockCreateAny_ | __no__ | 
-| DELETE | Datasets/_pid_/origdatablocks/_oid_ | _DatasetOrigdatablocksDelete_ | __no__ | __no__ | __no__ |  __no__ | __no__ |  __no__ | Any<br/>_DatasetOrigdatablockDeleteAny_ | 
+| PATCH | Datasets/_pid_/origdatablocks/_oid_ | _DatasetOrigdatablocksUpdate_ | __no__ | __no__ | Owner<br/>_DatasetOrigdatablockUpdateOwner_ | Owner<br/>_DatasetOrigdatablockUpdateOwner_ | Owner<br/>_DatasetOrigdatablockUpdateOwner_ | Any<br/>_DatasetOrigdatablockCreateAny_ | __no__ |  |
+| DELETE | Datasets/_pid_/origdatablocks/_oid_ | _DatasetOrigdatablocksDelete_ | __no__ | __no__ | __no__ |  __no__ | __no__ |  __no__ | Any<br/>_DatasetOrigdatablockDeleteAny_ |  | 
 | | | | | | | | | |
-| POST | Datasets/_pid_/datablocks | _DatasetDatablocksCreate_ | __no__ | __no__ | Owner<br/>_DatasetDatablockCreateOwner_ | Owner<br/>_DatasetDatablockCreateOwner_ | Owner<br/>_DatasetDatablockCreateOwner_ | Any<br/>_DatasetDatablockCreateAny_ | __no__ | 
-| GET | Datasets/_pid_/datablocks | _DatasetOrigdatablocksRead_ | Public<br/>_DatasetDatablockReadPublic_ | Has Access<br/>_DatasetDatablockReadAccess_ | Has Access<br/>_DatasetDatablockReadAccess_ | Has Access<br/>_DatasetDatablockReadAccess_ | Has Access<br/>_DatasetDatablockReadAccess_ | Any<br/>_DatasetDatablockReadAny_ | __no__ | 
-| PATCH | Datasets/_pid_/datablocks/_oid_ | _DatasetDatablocksUpdate_ | __no__ | __no__ | Owner<br/>_DatasetDatablockUpdateOwner_ | Owner<br/>_DatasetDatablockUpdateOwner_ | Owner<br/>_DatasetDatablockUpdateOwner_ | Any<br/>_DatasetDatablockCreateAny_ | __no__ | 
+| POST | Datasets/_pid_/datablocks | _DatasetDatablocksCreate_ | __no__ | __no__ | Owner<br/>_DatasetDatablockCreateOwner_ | Owner<br/>_DatasetDatablockCreateOwner_ | Owner<br/>_DatasetDatablockCreateOwner_ | Any<br/>_DatasetDatablockCreateAny_ | __no__ |  |
+| GET | Datasets/_pid_/datablocks | _DatasetOrigdatablocksRead_ | Public<br/>_DatasetDatablockReadPublic_ | Has Access<br/>_DatasetDatablockReadAccess_ | Has Access<br/>_DatasetDatablockReadAccess_ | Has Access<br/>_DatasetDatablockReadAccess_ | Has Access<br/>_DatasetDatablockReadAccess_ | Any<br/>_DatasetDatablockReadAny_ | __no__ |  |
+| PATCH | Datasets/_pid_/datablocks/_oid_ | _DatasetDatablocksUpdate_ | __no__ | __no__ | Owner<br/>_DatasetDatablockUpdateOwner_ | Owner<br/>_DatasetDatablockUpdateOwner_ | Owner<br/>_DatasetDatablockUpdateOwner_ | Any<br/>_DatasetDatablockCreateAny_ | __no__ | | 
 | DELETE | Datasets/_pid_/datablocks/_oid_ | _DatasetDatablocksDelete_ | __no__ | __no__ | __no__ |  __no__ | __no__ | __no__ | Any<br/>_DatasetDatablockDeleteAny_ | 
 | | | | | | | | | |
-| GET | Datasets/_pid_/logbook | _DatasetLogbookRead_ | __no__ | Owner<br/>_DatasetLogbookReadOwner_ |  Owner<br/>_DatasetLogbookReadOwner_ | Owner<br/>_DatasetLogbookReadOwner_ |  Any<br/>_DatasetLogbookReadAny_ | __no__ | 
+| GET | Datasets/_pid_/logbook | _DatasetLogbookRead_ | __no__ | Owner<br/>_DatasetLogbookReadOwner_ |  Owner<br/>_DatasetLogbookReadOwner_ | Owner<br/>_DatasetLogbookReadOwner_ | Owner<br/>_DatasetLogbookReadOwner_ |  Any<br/>_DatasetLogbookReadAny_ | __no__ | | 
 
diff --git a/Development/v4.x/backend/authorization/authorization_origdatablocks.md b/Development/v4.x/backend/authorization/authorization_origdatablocks.md
index 3fbf43e9..a08d3198 100644
--- a/Development/v4.x/backend/authorization/authorization_origdatablocks.md
+++ b/Development/v4.x/backend/authorization/authorization_origdatablocks.md
@@ -10,9 +10,12 @@ This is the list of the permissions methods available for origdatablock and all
 ### (Data) Instance Authorization
 - OrigdatablockCreateOwner
 - OrigdatablockCreateAny
-- OrigdatablockReadPublic
-- OrigdatablockReadAccess
-- OrigdatablockReadOwner
+- OrigdatablockReadManyPublic
+- OrigdatablockReadManyAccess
+- OrigdatablockReadManyOwner
+- OrigdatablockReadOnePublic
+- OrigdatablockReadOneAccess
+- OrigdatablockReadOneOwner
 - OrigdatablockReadAny
 - OrigdatablockUpdateOwner
 - OrigdatablockUpdateAny
@@ -24,9 +27,12 @@ This is the list of the permissions methods available for origdatablock and all
 graph LR;
     DatasetOrigdatablockCreate-->DatasetOrigdatablockCreateOwner;
     DatasetOrigdatablockCreateOwner-->DatasetOrigdatablockCreateAny;
-    DatasetOrigdatablockRead-->DatasetOrigdatablockReadPublic;
-    DatasetOrigdatablockReadPublic-->DatasetOrigdatablockReadAccess;
-    DatasetOrigdatablockReadAccess-->DatasetOrigdatablockReadAny;
+    DatasetOrigdatablockRead-->DatasetOrigdatablockReadManyPublic;
+    DatasetOrigdatablockReadManyPublic-->DatasetOrigdatablockReadManyAccess;
+    DatasetOrigdatablockReadManyAccess-->DatasetOrigdatablockReadAny;
+    DatasetOrigdatablockRead-->DatasetOrigdatablockReadOnePublic;
+    DatasetOrigdatablockReadOnePublic-->DatasetOrigdatablockReadOneAccess;
+    DatasetOrigdatablockReadOneAccess-->DatasetOrigdatablockReadAny;
     DatasetOrigdatablockUpdate-->DatasetOrigdatablockUpdateOwner;
     DatasetOrigdatablockUpdateOwner-->DatasetOrigdatablockUpdateAny;
     DatasetOrigdatablockDelete-->DatasetOrigdatablockDeleteOwner;
@@ -38,11 +44,11 @@ graph LR;
 | -------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- |
 | POST | origdatablocks | _OrigdatablockCreate_ | __no__ | __no__ | Owner<br>_OrigdatablockCreateOwn_ | Owner<br>_OrigidatablockCreateOwn_ | Any<br>_OrigdatablockCreateAny_ | Any _OrigdatablockCreateAny_ | __no__ |  
 | POST | origdatablocks/isValid | _OrigdatablockCreate_ | __no__ | __no__ | Owner<br>_OrigdatablockCreateOwn_ | Owner<br>_OrigdatablockCreateOwn_ | Any<br>_OrigdatablockCreateAny_ | Any<br>_OrigdatablockCreateAny_ | __no__ | 
-| GET | origdatablocks | _OrigdatablockRead_ | Public _OrigdatablockReadPublic_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
-| GET | origdatablocks/_oid_ | _OrigdatablockRead_ | Public<br>_OrigdatablockReadPublic_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
-| GET | origdatablocks/fullquery | _OrigdatablockRead_ | Public<br>_OrigdatablockReadPublic_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
-| GET | origdatablocks/fullquery/files | _OrigdatablockRead_ | Public<br>_OrigdatablockReadPublic_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
-| GET | origdatablocks/fullfacet | _OrigdatablockRead_ | Public<br>_OrigdatablockReadPublic_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Has Access<br>_OrigdatablockReadAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
+| GET | origdatablocks | _OrigdatablockRead_ | Public<br>_OrigdatablockReadManyPublic_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
+| GET | origdatablocks/fullquery | _OrigdatablockRead_ | Public<br>_OrigdatablockReadManyPublic_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
+| GET | origdatablocks/fullquery/files | _OrigdatablockRead_ | Public<br>_OrigdatablockReadManyPublic_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
+| GET | origdatablocks/fullfacet | _OrigdatablockRead_ | Public<br>_OrigdatablockReadManyPublic_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Has Access<br>_OrigdatablockReadManyAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
+| GET | origdatablocks/_oid_ | _OrigdatablockRead_ | Public<br>_OrigdatablockReadOnePublic_ | Has Access<br>_OrigdatablockReadOneAccess_ | Has Access<br>_OrigdatablockReadOneAccess_ | Has Access<br>_OrigdatablockReadOneAccess_ | Has Access<br>_OrigdatablockReadOneAccess_ | Any<br>_OrigdatablockReadAny_ | __no__ | 
 | PATCH | origdatablocks/_oid_ | _OrigdatablockUpdate_ | __no__ | __no__ | Owner<br>_OrigdatablockUpdateOwner_ | Owner<br>_OrigdatablockUpdateOwner_ | Owner<br>_OrigdatablockUpdateOwner_ | Any<br>_OrigdatablockUpdateAny_ | __no__ | 
 | DELETE | origdatablocks/_oid_ | _OrigdatablockDelete_ | __no__ | __no__ | __no__ |  __no__ | __no__ |  __no__ | Any<br>_OrigdatablockDeleteAny_ |