Authorization scenarios

Most operations in ReviewDB require simple "write" or "read" permissions on a particular review. How these permissions are granted depends on the authorization realm for the review.

Review creation and protected meta-data

Creating reviews (other than practice reviews) and updating certain fields via the ReviewDB API requires system administrator privileges. These operations are generally expected to be done via another system (e.g. Archie or Porto) instead.

This table outlines the permissions needed to change Review fields:

System administrator | Write meta-data permission | Write permission | Maintained internally

realm
unitId (Porto)
ownedByIndividual (Porto)
type
subType
status
submitToEM
cochraneReview
practiceKey
templateIndicator
sourceReviewId

Specific to Editorial Manager:

submissionStatus
invitationStatus
invitationDueDate
journalCode
journalTitle
invitationId
parentDocumentId
revisionNumber

title
cdNumber
stage
reviewNo (code)
phase
lastPublishedDate
protocolPublishedIssueNo
protocolPublishedYear
reviewPublishedIssueNo
reviewPublishedYear
lastCitationIssueNo
lastCitationYear
groupId

Obsolete fields:

documentPK
tags
assessedUpToDate
nextStage
studiesManagedBy

searchDate
useStudyCentricDataStructures
gradeProIntegrationEnabled
riskOfBiasMethod
reviewFormat
changedSinceLastTag
reviewModified
reviewModifiedBy
titleModified
titleModifiedBy

Authorization realms

Authorization is handled differently based on the "realm" setting for the review, as outlined in this table:


| | ARCHIE | PORTO | PRACTICE | PRACTICE_TEMPLATE |
|---|---|---|---|---|
| Read | Managed by Archie, depends on review phase | Granted to users with a role on the review, with a "manage reviews" role in the owning unit, and to system administrators | Granted to user who owns the review, and to system administrators | Granted to user who owns the review, and to system administrators |
| Write | Managed by Archie, depends on review phase | Granted to users with a role on the review, with a "manage reviews" role in the owning unit, and to system administrators on active reviews | Granted to user who owns the review, and to system administrators | Granted to user who owns the review, and to system administrators |
| Meta-data | Managed by Archie | Granted to users with a "manage reviews" role in the owning unit, and to system administrators | Granted to user who owns the review, and to system administrators | Granted to user who owns the review, and to system administrators |
| Protected meta-data | Managed by Archie | Managed by Porto (use Porto API) | System administrators | System administrators |
| Create review | Managed by Archie | Managed by Porto (use Porto API) | Any user (up to a maximum number of practice reviews) | Members of the trainers' network (Archie group) |
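
The realm table above written out as a fail-closed decision function. This is an added example, not ReviewDB code: the User and Review shapes, the action names and the MAX_PRACTICE_REVIEWS value are assumptions, and "on active reviews" in the PORTO write row is read here as limiting every write grant.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK_ARCHIE = "managed by Archie"
    ASK_PORTO = "managed by Porto (use Porto API)"

@dataclass(frozen=True)
class User:  # hypothetical shape, not the ReviewDB data model
    name: str
    sysadmin: bool = False
    managed_units: frozenset = frozenset()  # units where "manage reviews" is held
    trainer: bool = False                   # member of the trainers' network
    practice_count: int = 0                 # practice reviews already created

@dataclass(frozen=True)
class Review:  # hypothetical shape
    realm: str
    owner: str = ""
    unit_id: str = ""
    role_holders: frozenset = frozenset()   # users with a role on the review
    active: bool = True

MAX_PRACTICE_REVIEWS = 5  # assumed value; the page gives no number

def decide(user, review, action):  # action: read|write|meta|protected|create
    allow = lambda ok: Decision.ALLOW if ok else Decision.DENY
    if review.realm == "ARCHIE":
        return Decision.ASK_ARCHIE              # every row is managed by Archie
    if review.realm == "PORTO":
        if action in ("protected", "create"):
            return Decision.ASK_PORTO
        manager = review.unit_id in user.managed_units
        if action == "meta":
            return allow(manager or user.sysadmin)
        if action in ("read", "write"):
            ok = user.name in review.role_holders or manager or user.sysadmin
            # Assumption: "on active reviews" limits every write grant.
            return allow(ok and (action == "read" or review.active))
    if review.realm in ("PRACTICE", "PRACTICE_TEMPLATE"):
        if action in ("read", "write", "meta"):
            return allow(user.name == review.owner or user.sysadmin)
        if action == "protected":
            return allow(user.sysadmin)
        if action == "create":
            return allow(user.practice_count < MAX_PRACTICE_REVIEWS
                         if review.realm == "PRACTICE" else user.trainer)
    return Decision.DENY  # unknown realm or action: fail closed
```

A role on a PORTO review grants read and write but not meta-data, and ARCHIE or Porto-managed operations are returned as delegations rather than decided locally.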

Cochrane REST API

The Cochrane Application Programming Interface (API) is based on Representational State Transfer (REST) and uses resource-oriented URLs. The API only supports SSL; any non-SSL call will return a 403 (FORBIDDEN) status code.

...