Introducing the CIA Namespace

No, do not panic. This post is not about OpenGroupware collaborating with that nefarious organization which overthrew the democratically elected governments of Guatemala and Iran. CIA is a simply new RPC namespace added in OpenGroupware Coils 0.1.49rc64; CIA stands for "Coils Interogation API".

The role of the CIA namespace is to provide a home for esoteric RPC calls that are useful to developers and system administrators. Methods exposed in the CIA namespace are not intended for use by day-to-day end-user applications; these methods are for interrogating the state of the server. Having this namespace for methods of more esoteric purpose avoids crowding the zOGI, or any other, namespace with odd methods which may not conform to that namespace's establish conventions. For example the values returned by CIA method calls are not Omphalos representations of entities [as would be expected in the zOGI namespace], the signature of each response is specific to its method.

Currently the CIA namespace hosts a total on one method; additional methods may be added as their need becomes apparent.

That one method is getMaterializedRights(context_id:;integer, object_id::integer). getMaterializedRights allows a system administrator or workflow administrator [permissions to perform the method is limited by those roles] to inquire as to what rights a given context has on a given object. If a user should be granted access to a project, for instance, the administrator can verify after changing ACLs or assignment that the user actually has the expected access.

A call of cia.getMaterializedRights(1181110, 29680) returns a structure indicating the access which context [user] 1,181,110 has to object [a Project in this example] 29,680.

{'accountObjectId': '1181110',
'contextContextIds': ['1181110', 10735169, 10003, 959150, 955240],
'contextLogin': 'fred',
'contextRoles': [2010000],
'targetAccessRights': ['i', 'l', 'v'],
'targetEntityNamee': 'Project',
'targetObjectId': 29680}

Text 1: Response to the getMaterializedRights method.

The response contains the context ids of the specified contacts - this includes team membership, proxy-user assignments, etc... as well as the roles held by that user - in this case 2,010,000 [Helpdesk]. The target object having object id 29,680 is a Project and the specified context has insert, list, and view permissions in relation to that object. The ability for trusted users to visualize the rights granted on X to Y can facilitate the troubleshooting of access related issues; access control provisions in the enterprise can be a complicated.

Currently the CIA namespace is exposed only via XML-RPC (under the /RPC2 URI), a bug is open to expose the namespace for JSON-RPC as well.