Closed elrayle closed 6 years ago
@laritakr is pondering an alternative to this. Here is my proposed implementation.
Make use of existing permission_templates infrastructure with some modifications...
source_type
with values (admin_set, collection_type, collection
)admin_set_id
to source_id
and it will hold the object id of the admin set, collection type, or collectionImpact on admin_sets
source_type=='admin_set'
. If they only access by id, then this won't be an issue.Impact on collection_type
permission_templates
for type=collection_type
to create the list of valid collection types for the current user.permission_templates
joined with permission_templates_access
for source_type=collection_type && access=manager
in order to add write acl for the new collection. I think this would actually be accomplished by setting edit_access=[manager ids + creator's id]
on the object and hyrax will create the acl for you in fedora.Impact on collections
I am not comfortable with reusing permission templates and permission template accesses for collection types, for several reasons:
As Collection Types are entirely outside of Fedora, we should not be reusing a construct which was created to serve as an extension of the Fedora object, particularly when the implementation of Admin Sets and Permission Templates are already troublesome.
Instead, @jeremyf and I promote the use of workflows and workflow roles for controlling who can act on collection types. I have done a lot of analysis on permissioning in Hyrax (and the entire stack), and everything I've found points to the need to integrate all permissions into the workflow structure. (Tomorrows tech call will be an initial introduction of this to the community, but the working document is located here for review and comment.) This is what workflows are designed to do... using them will be a much better fit and require less future rework as well.
However, recognizing that we are not yet at a point where this is a simple implementation, we propose that, for now, we create a new database table for collection type participants. This will allow for a cleaner refactor into workflows at a later point than having collection types mixed into the mess that is permission templates and admin sets.
Permission templates would still be modified for use with collections themselves, by modifying the permission_templates table to store the fedora id for all collections:
I am OK with your proposal to use a separate tables for collection_types and the same tables admin_sets and collections. I would note that the permission_templates and permission_templates_access do not extend any fedora objects. The values in those tables are used when creating a work to determine the initial settings for edit_access and read_access. Once the work is saved, the work no longer has any connection with permission_template or permission_template_access.
The Admin Set is a fedora object. The permission template is one-to-one with it, to give the details needed for permissions on its child objects. From that perspective, I consider it a conceptual extension of the fedora object itself, because any object which is used to control the creation of lower level objects needs the attributes that tell it how to create those objects.
Ah, I see where you are coming from. That makes sense.
Work completed so far-
Work/issues remaining-
app/views/admin/collection_types/_form.html.erb
view/partial will be needed. I just moved <%= render 'form_participants' %> to below the other form tag as it wont work nested in the other form. (needs to be similar to how the admin sets participants tab works)@elrayle - I did a bit more work on this. Partial pull request here: https://github.com/samvera/hyrax/pull/1534
Branch here: https://github.com/samvera/hyrax/tree/collections-1345-collection-type-participant
Complete
Admin::CollectionTypeParticipantsController
, CollectionTypeParticipantForm
, CollectionTypeParticipant
model associated tests/views/hyrax/admin/collection_types/_form_participants.html.erb
and /views/hyrax/admin/collection_types/_form_participants_table.html.erb
Remaining Issues:
/views/hyrax/admin/collection_types/_form.html.erb
view needs to be rearranged. The _form_participants.html.erb
partial cannot nest within the other form but that form is spanning the other two tabs. I moved the participants partial under the submit button as a temporary measure during development, but it needs permanent solution. Maybe if the form.persisted? is true the first tab could become the "Metadata and Discovery" and contain the other two partials? That way the form could live within the first tab pane and not span them all.@elrayle - should I go ahead and close this? I think the bulk of the work is done, at least as a first pass. The /views/hyrax/admin/collection_types/_form.html.erb
issue could be a good one for Adam to look at if it's not already being addresses.
Remaining Work:
manage
instead of manager
to access tablecreate
instead of creator
to access table
Descriptive summary
Add code to implement the Participants tab partial for the new/edit form views for collection types. This partial is shared by both the new and edit form views.
Rationale
See model issue for rationale.
Implementation
Files:
Expected user interactions
Create the UI view for adding participants for a collection type.
The form fields allow the user to select a group or user and apply a participant role to that group/user. The roles for collection types includes...
The form will also include a listing of groups/users assigned to each participant role.
Exact text for the page is in the mockup below.
SPECIAL NOTE on Admin Sets:
For the initial implementaiton, the Admin Set underlying code will not change. But to a user, the Admin Set will appear to be a collection type.
To make the illusion happen...
Mockup
Related work