Table of Contents
Visibility
Visibility is stored in the solr doc as follows:
- if visibility='open' (aka public), the solr doc
read_access_group_ssimincludes 'public' - if visibility='authenticated' (aka institutional), the solr doc
read_access_group_ssimincludes 'registered' - if visibility='restricted' (aka private), nothing is added to the solr doc
Permission Templates
For Admin Sets:
Original implementation
CREATE TIME: admin_sets add access to the solr doc at create time via AdminSetCreateService
- set in solr doc from AdminSetCreateService#create
- read group: 'public' (for visibility)
- edit group: admin
- creator: creator user (not given access via edit user)
- set in permissions table from AdminSetCreateService#create_permission_template and #access_grants_attributes
- MANAGE group: admin
- MANAGE user: creator user
- set in permissions table from AdminSetCreateService#create_default_access_for
- DEPOSIT group: registered
UPDATE TIME: admin_sets adjust the above at udpate time via PermissionTemplateForm and via AdminSet (model)
- set in solr doc from AdminSet (model) #update_access_control! when called from PermissionTemplateForm#update_management which is only called when a manager is added or deleted
- edit user: all users with MANAGE permissions (includes creator user)
- edit group: all groups with MANAGE permissions
- NOTE: creator gets edit access via this method because set with MANAGE access during create AND this method is ONLY called when MANAGE participants are added or deleted
- NOTE: no read users/groups are added which doesn't matter only because the read group was set to Public above which means everyone can read
- set in permissions table from PermissionTemplateForm#update -> #update_participants_options -> #update_permission_template -> AdminSet (model) #update
- adds/removes row from access table with agent_id, agent_type (e.g. 'user' | 'group'), access (e.g. 'manage', 'deposit', 'view') values set in the form
Slight modification during sprint
CREATE TIME: admin_sets add access to the solr doc at create time via AdminSetCreateService
- set in solr doc from AdminSetCreateService#create
- read group: 'public' (for visibility)
- DO NOT SET edit group: admin
- creator: creator user (not given access via edit user)
- set in permissions table from AdminSetCreateService#create_permission_template and #access_grants_attributes
- MANAGE group: admin
- MANAGE user: creator user
NEW -- call AdminSet (model) #update_access_controls! to set solr doc edit permissions
- set in permissions table from AdminSetCreateService#create_default_access_for
- DEPOSIT group: registered
UPDATE TIME: admin_sets adjust the above at udpate time via PermissionTemplateForm and via AdminSet (model)
- set in solr doc from AdminSet (model) #update_access_control! when called from PermissionTemplateForm#update_management which is only called when a manager is added or deleted
- edit user: all users with MANAGE permissions (includes creator user)
- edit group: all groups with MANAGE permissions
NOTE: creator gets edit access via this method because set with MANAGE access during create AND this method is ONLY called when MANAGE participants are added or deleted- NOTE: no read users/groups are added which doesn't matter only because the read group was set to Public above which means everyone can read
- set in permissions table from PermissionTemplateForm#update -> #update_participants_options -> #update_permission_template -> AdminSet (model) #update
- adds/removes row from access table with agent_id, agent_type (e.g. 'user' | 'group'), access (e.g. 'manage', 'deposit', 'view') values set in the form
All this is consistent with the Collections permissions approach EXCEPT
- collections set read_groups and read_users based on VIEW access
- admin_sets allow everyone to view all admin sets. This is incompatible with collection type approach and will need to be revisited before admin_sets can become just another collection type.
Impact of Participants on admin_set/collection and works
For Admin Sets:
| permission_ template_ access | definition in UI | admin set solr doc | ability: can? create_in_adminset | work solr doc | comments |
|---|---|---|---|---|---|
| :manage | Managers of this administrative set can
| edit_access | true | edit_access | admin is always a manager |
| :deposit | Depositors can add new works to this administrative set. | N/A | true | access to works are granted only for works the user creates | |
| :view | Viewers of this administrative set can
| N/A | false | read_access |
For Collections:
| permission_ template_ access | definition in UI | collection solr doc | ability: can? create_in_collection | work solr doc | comments |
|---|---|---|---|---|---|
| :manage | Managers of this collection can
| edit_access | true | edit_access | admin is always a manager |
| :deposit | Depositors of this collection can
| read_access | true | access to works are granted only for works the user creates | |
| :view | Viewers of this collection can
| read_access | false | read_access |
NOTE: There is a difference in definitions and in read_access set on admin_sets and collections for depositors and viewers. I would propose that Admin Sets use the same behavior as collections. This change will results in Depositors and Viewers being able to view the admin show page of the admin set AND see them listed in Managed Collections tab in Dashboard → Collections.
This makes sense for viewers since they must have some special connection with the admin set to be able to see works in it even when they are embargoed or private. This can make sense for depositors when there are multiple admin sets being used for organization.
My concern is for the special case of a site using a default admin set because they have to. Users must be able to deposit in it. In this case, the default admin set is the full set of all works in the repository. It does not make sense for users to view the show page for that admin set or see it in Managed Collections.