Additional community permission level

inveniosoftware / product-rdm

InvenioRDM Product Roadmap

10 stars 0 forks source link

Additional community permission level #130

Closed tmorrell closed 3 months ago

tmorrell commented 5 months ago

Is your feature request related to a problem? Please describe.

For a large community you may want to have a number of reviewers work on submissions, but not provide them permissions to edit all records in the community. The current community permissions are "Reader", which has no ability to manage community requests and "Curator" which has permissions to edit every record in the community. A permission level in between these two would provide more flexibility.

Describe the solution you'd like

A new "Reviewer" permission that provides edit access to community draft records. This would provide edit access to all community drafts, but not published records.

Describe alternatives you've considered

We have not been able to come up with alternative options for large community record management.

zguillen commented 5 months ago

Would love to see this (linking my project's related issue for my own sanity's sake https://github.com/MSD-LIVE/issues/issues/139)

fenekku commented 5 months ago

thinking out loud here / things to investigate

Can the reviewers publish the record or only edit?
How would the reviewers indicate that they've reviewed? For that matter, we don't have this GitHub-like "reviewed" affordance currently.
Should they even be able to publish the record, given the "lock-out" problem: once they've published they can't edit the record back to fix a mistake they suddenly realized?
Is the "edit/update" functionality using/allowing for distinctive permissions in the implementation (i.e. is a new Community role with permissions enough or is some change at update/edit level necessary?)
Would subcommunities / breaking the large community up, make sense for these situations instead?

tmorrell commented 5 months ago

All good questions!

For our use case only edit would be the best, but I'm not sure what would be easiest to implement or if that would be the best for everyone.
We're currently having reviewers tag a record as completed in the comments, and then we pull out everything in the queue to an external table https://caltechlibrary.github.io/irdm-queue-portal/. Having this integrated into the community would be better, but it's a larger project than just adding the permissions.
That's one reason I prefer the "edit-only" option.
To investigate
We're using communities to enforce curation on all our records in the repository, so using sub-communities would be cumbersome. We'd have to move all published records out of the main community and into the more restrictive published community. I think it would be possible, but seems more complicated and confusing