Issue 13171

entity create: Validate that createdBy is the same as the authenticated user

Reporter: mdoering
Type: Improvement
Summary: entity create: Validate that createdBy is the same as the authenticated user
Description: Once security is implemented, we need to verify that the passed createdBy user is the same as the authenticated user. Or, even better, set the user automatically based on the security context.
Priority: Major
Resolution: Fixed
Status: Closed
Created: 2013-05-07 14:34:05.823
Updated: 2013-12-16 17:50:59.821
Resolved: 2013-12-12 11:38:19.181


Author: kbraak@gbif.org
Created: 2013-12-12 11:38:19.213
Updated: 2013-12-12 11:38:19.213
        
The createdBy/modifiedBy is set automatically from the security context userPrincipal.

Legacy web services behave a bit differently, since they only use basic authentication. Here, the createdBy/modifiedBy is equal to the user name (organization key). As an example, look at http://registry.gbif.org/web/index.html#/dataset/db504a46-955f-45a6-bdc9-d9a7ebc85668
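
The two approaches named in this issue (rejecting a createdBy that differs from the authenticated user, or setting it from the security context), as an added Java example that is not the registry's own code. `Entity`, `ForbiddenException` and the method names are hypothetical, and the principal and request values are constructed inline.

```java
import java.security.Principal;

// Hypothetical types for illustration; not the registry's own classes.
public class CreatedByExample {

    static class Entity {
        String createdBy;   // audit fields a client could try to supply
        String modifiedBy;
    }

    static class ForbiddenException extends RuntimeException {
        ForbiddenException(String msg) { super(msg); }
    }

    // Fail closed when no authenticated identity is available.
    static String authenticatedName(Principal user) {
        if (user == null || user.getName() == null || user.getName().isEmpty()) {
            throw new ForbiddenException("no authenticated principal");
        }
        return user.getName();
    }

    // Approach 1: accept the client value only if it matches the authenticated user.
    static void validateCreatedBy(Entity e, Principal user) {
        String name = authenticatedName(user);
        if (e.createdBy != null && !e.createdBy.equals(name)) {
            throw new ForbiddenException("createdBy does not match authenticated user");
        }
    }

    // Approach 2: ignore the client value and stamp both fields from the principal.
    static Entity stampOnCreate(Entity e, Principal user) {
        String name = authenticatedName(user);
        e.createdBy = name;
        e.modifiedBy = name;
        return e;
    }

    public static void main(String[] args) {
        Principal alice = () -> "alice";   // constructed authenticated user
        Entity e = new Entity();
        e.createdBy = "bob";               // constructed client-supplied value
        try {
            validateCreatedBy(e, alice);
        } catch (ForbiddenException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
        stampOnCreate(e, alice);
        System.out.println("createdBy=" + e.createdBy + " modifiedBy=" + e.modifiedBy);
    }
}
```

With the second approach the client-supplied value never reaches storage, so the audit fields reflect whoever the authentication layer identified; under basic authentication that is the user name, as the comment above notes for the legacy services.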