Allow Directory Groups in Collections Permissions Roles

[joncameron]

Description

Avalon is able to provide access to a directory group when connected to external auth by means of the access control listing for individual items, and for collection defaults. Managing access, in contrast, is only available for individual users who are added to one of the staff roles (Manager, Editor, Depositor). Having groups able to be added to this in addition to single usernames would allow for external management of group membership (ACM, ADS etc.) and provide management access . This should apply to both external (via SAML or other auth) and internal (system) groups.

As a collection manager, I want to grant staff role access (Manager, Editor or Depositor) to a directory group that contains members of my unit or area, so that members of that group are granted the corresponding rights to manage the the collection and its contents.

Use case: collection in each unit in MCO where newly digitized material lands; use ACM group to manage access to this collection as well as POD replacement, RMD etc.

Done Looks Like

• [ ] On the collection admin page, a group name can be used as an entry for Staff Role
• [ ] Group names appear in the typeahead popup as they are entered in the Staff Role form fields (matching behavior of the "External Group" field for item access)
• [ ] Users within the group added to a staff role have that corresponding level of permissions to modify the collection and its records

Examples

Typeahead search behavior for directory group in Media Collections Online:

[joncameron]

Could be easier than anticipated; changes to the ability model might be what this requires. Could be relatively easy or relatively hard.