Setting Up Data segmentation

Owned by Guillaume LEPICARD
Last updated: Jun 02, 2021 by Olivier Grenet
2 min read

Plugin PACKAGED_Segmentation allows to easily configure rules for segmenting data (not only assets).

Plugin configuration

This plugin defines a single parameter not_segmented_role_ids allowing you to disable segmenting for a list of roles (typically 4,1)

Configuring segmentation

Identify properties that are involved in segmentation on user

On the user structure, identify properties that are participating to segmentation. Such properties must be marked with tags: segmenting[/<tree_mode>[/alias]]

<tree_mode> sub tag

tree_mode is only valid if the property is a tree. It defines an operator to apply to the tree. Possible values are: roots, child and tree

roots means that value associated to the user as all ancestors of the value are taken for the segmentation

child means that value associated to the user as well as all children of the value are taken for segmentation

tree means that value, all ancestors of value and all children of value

<alias> subtag

alias subtag is to give a shortname to the computed values. If omitted, the name will be <tree_mode><fieldname>

What do these tags do?

Leveraging on com.noheto.extensions.interfaces.services.ISurferService, when a surfer connects, for each property on user having a segmenting tag, a specific property will be added to the surfer:

Examples:

  1. property organization on user is by default marked with segmenting/tree/readorgs as a consequence, after a user connects, if its role is not ignored, it will have on its surfer a property readorgs containing the value associated to the user’s organization field + all ancestors of this value + all children of this value.

  2. property organization on user is by default also marked with segmenting/child/writeorgs as a consequence, after user connects, if its role is not ignored, it will have on its surfer a property writeorgs containing the value associated to the user’s organization field + all children of this value.

It is not possible to define aliases for non tree fields as their value is natively accessible using the fieldname, and as no concatenation of ids needs to be done.

If you define multiple segmenting/operator/alias with same operator, only first encountered one will be used.

If alias had not be defined for first tag segmenting/tree then the created surfer property would have been treeorgainzation

Identify structures that should be segmented

Structures containing data that need to be segmented are identified with tag: segmented (the tag is to be added to the whole structure, not on a field).

For those structures, you then need to tag fields that are involved in segmentation with tag segmented/<surferPropertyName>

For instance, on asset, field organization is tagged with organization/readorgs. This instructs the plugin to use surfer property readorgs in the BaseWhere used to retrieve assets.

BO patched bases

In BO, the plugin will use /bov3/common/init/initBaseWhere/initBaseWhere_after.jsp hook to increment following bases:

  • base_list_${form_object}

  • base_edit_list_${form_object}

  • base_edit_tree_${form_object}

  • base_search_list_${form_object}

  • base_index_${form_object}

The base will include after this plugin hook constraints according to the segmented/<surferPropertyName>

field in (<surfer.properties[surferPropertyName]>)

REST API bases

REST API bases are also extended following same rule than for BO

Before Insert

Before insert, field with segmentedTag will be filled with surfer’s value (if not defined by the user)

What does writeorgs do then?

writeorgs surfer property can be used in security to define whether or not the user is authorized to update a content.

In the default given configuration, a user is authorized to see any asset in the same tree as he is, but can only update assets in his organization or a child organization.