search

scientist-softserv / utk-hyku

Other
6 stars 0 forks source link

Create depositor group and only allow depositors or admins to deposit works #627

Open jillpe opened 4 months ago

jillpe commented 4 months ago

Summary

It is currently set up that:

This gives non-admin users too many permission, so UTK would like to set up a depositor group that has the ability to import/export and create new works that don't require approval and remove those permissions from Non-admin users.

Acceptance Criteria

Proposed Solution

[!NOTE] This solution is kind of like a "light" version of Hyku >= v5's Group with Roles feature, and will be incompatible with it when Hyku is upgraded to >= v5. Consider wrapping this logic in a feature flag

[!NOTE] This suggestion does not detail how to restrict permissions for import/export. That will still need to be figured out

  1. Change User#groups to read a user's Hyku::Group names
  2. Create "Depositors" Hyku::Group
  3. Remove registered group's access grant from the Default Admin Set
  4. Create access grant for Default Admin Set using the Hyku::Group's name
  5. Reset AdminSet's access controls (#reset_access_controls_for) a) HYRAX_USE_SOLR_GRAPH_NESTING is true, so this shouldn't cause any issues, but consider running it during off-hours
orangewolf commented 1 week ago

@jillpe this issue came back up today. specifically they were trying to use the Student group as per our instructions and it doesn't work because they do not have the groups with roles features =-/ we need to regroup on how we might fix this.

bkiahstroud commented 2 hours ago

@orangewolf what do you think about the Proposed Solution section in the ticket's description? Assuming the acceptance criteria hasn't changed, I don't think it would be too heavy of a lift