= Proposal number : Proposal title: Hidden Elements =

|| '''Date''' || 2008/06/20 ||
|| '''Contact(s)''' || Simon Pigot, Stefano Giaccio, Just ||
|| '''Last edited''' || [[Timestamp]] ||
|| '''Status''' || draft ||
|| '''Assigned to release''' || 2.5 ||
|| '''Resources''' || Done in geocat.ch sandbox ||

== Overview ==
 
Apply permissions to metadata elements (not just records).[[BR]]

Stage 1 – elements are not group related – apply to internet/public/intranet groups only[[BR]]
Stage 2 – add additional granularity via interface [[BR]]

[[Image(editor-hidden-elements-legend.png)]]


=== Proposal Type ===
 * '''Type''': GUI Change, Core Change, Module Change
 * '''App''': !GeoNetwork
 * '''Module''': Data Manager

=== Links ===
 
 * '''Email discussions''': John Hockaday, Geoscience Australia suggested this on geonetwork-devel

=== Voting History ===
 * None as yet

----

== Motivations ==
Move access/permissions control down to element level.

== Proposal == 
5 components to deal with:

'''1.''' Metadata/Template editor: additional controls for selecting elements that are to be hidden to a specific level internet/intranet/public. [[BR]]
'''2.''' Selected elements written to database on save/save and close.[[BR]]
[[Image(editor-hidden-elements.png)]]

'''3.''' Database changes: additional dependent table HiddenMetadataElements on schema: MetadataId, Xpath [[BR]]
'''4.''' Query table and retrieve XPaths based on GroupId of UserSession, apply XPaths to JDOM tree before record returned from service [[BR]]
'''5.''' Lucene index – concealed elements cannot be indexed because the index can be searched by anyone – the permissions systems is not applied until the record is displayed. The interesting outcome of leaving concealed info in the index is that a user could search and get a result on the concealed info but would not be able to see it when the record was displayed. [[BR]]


New improvements not done :
 * add ISO attribute (gco:nilReason=”withheld”) for ISO records only – track down all locations where this can happen – could be possible to apply this in DataManager getMetadata
 * group level authorisation.

=== Backwards Compatibility Issues ===

Previous installations (2.2 and earlier) will need to migrate to a new database if they want to use this.
Harvesting from versions < 2.2 – filter is applied to conceal elements regardless of group.

== Risks ==

== Participants ==
 * As above