New Group Sync for GN

[f-necas]

I introduce here a new synchronization for geonetwork in georchestra in order to solve the current situation of:

• Org based sync is not granular enough to be able to give a user rights in different groups
• Role based sync is not understable enough and we easily loose track of what is sync between georchestra's console and GN

How does it work

This new sync works (almost) like Org based sync. Organization in georchestra are mapped to GN groups.

But, we can also create new roles in georchestra like PSC:GN_REVIEWER which will allow user to be REVIEWER of PSC group.

In this way, we can set multiple and differents rights for user like PSC:GN_REVIEWER, C2C:GN_EDITOR and so on.

Top level roles like GN_EDITOR, GN_REVIEWER set this role for organization/group where user belongs to (just as org based sync).

Requires: georchestra/georchestra#4616

Examples

User	Profile in GN	Roles in GN
Organization PSC, Roles: ROLE_USER	Guest	No group attribution
No Organization , Roles: GN_EDITOR	Editor	No group attribution
Organization PSC , Roles: GN_EDITOR	Editor	Editor in PSC Group
Organization PSC , Roles: GN_EDITOR, C3P:GN_REVIEWER	Reviewer	Editor in PSC Group, Reviewer in C3P Group
No Org, Roles: GN_ADMIN	Administrator	Admin in all groups

About the CI edit

I added the below action to the CI, because since ES 7.11, resource management has changed and it consumes everything he has, making the tests failing. I'm cleaning here some space to retrieve some space. seems to work...

- name: Free Disk Space (Ubuntu)
      uses: jlumbroso/free-disk-space@main

[fvanderbiest]

I like the fact that this is an extension of the org-based sync.
As I understand it, it changes nothing for those who do not need it.

Can you explain whether this will be be a new option for the geonetwork.syncMode setting or a replacement of the orgs sync mode ?
https://github.com/georchestra/datadir/blob/92dd72bd7911f38da0779ea8474572af89abed9a/geonetwork/geonetwork.properties#L25-L32

[fvanderbiest]

If the community agrees on this move, it has to be properly documented in addition to this PR.

[jeanpommier]

Looks very interesting indeed.
Sorry, I won't have time to look at the code right now

[landryb]

i dont understand much of it but i dont have the time to properly look, but shouldnt the 'profile in GN' be Editor in the 4th line in the example ? per 'Organization PSC , Roles: GN_EDITOR, C3P:GN_REVIEWER'.. or it has to be 'the higher profile' ?

[f-necas]

i dont understand much of it but i dont have the time to properly look, but shouldnt the 'profile in GN' be Editor in the 4th line in the example ? per 'Organization PSC , Roles: GN_EDITOR, C3P:GN_REVIEWER'.. or it has to be 'the higher profile' ?

We compute the highest profile in order for user to have the good minimal profile acording to his roles.

If the community agrees on this move, it has to be properly documented in addition to this PR.

Yep wanted to do so but I didn't remembered some things I did. It was a shot i gave a few months ago...

Can you explain whether this will be be a new option for the geonetwork.syncMode setting or a replacement of the orgs sync mode ? georchestra/datadir@92dd72b/geonetwork/geonetwork.properties#L25-L32

Sure will do, if community agrees

[fvanderbiest]

I think this deserves a GIP :-)