Task #3886

Updated by Chris Jones almost 10 years ago

The d1-cn-log Solr index currently requires authenticated access, since portions of the log entries are sensitive information. For the d1_dashboard, we need access to the index for various levels of display, both authenticated and public.

pid, ipAddress, userAgent, subject, event, dateLogged and nodeId are the fields exposed through the d1 log api call. Of these, ipAddress, userAgent, and subject are sensitive fields. These fields should only be accessible by a 1) CN subject, 2) owning MN subject, 3) rights owner subject or equivalent identity.

For the first version of the d1_dashboard application, filter Solr queries to provide public access to only the summary information returned by Solr. pid, event, dateLogged, and nodeId fields. This requires that queries by the public user
1) should be accepted
2) should have the rows parameter set to 0 despite the input prior to executing the query
3) queries that include facets should redact the ipAddress, userAgent, and subject fields from the facet.field parameter prior to executing the query

will provide general data on total MN CRUD events per pid.


Add picture from clipboard (Maximum size: 14.8 MB)