| | 1 | = Proposal number : Proposal title = |
| | 2 | |
| | 3 | || '''Date''' || 2008/06/20 || |
| | 4 | || '''Contact(s)''' || Simon Pigot, Stefano Giaccio || |
| | 5 | || '''Last edited''' || [[Timestamp]] || |
| | 6 | || '''Status''' || draft || |
| | 7 | || '''Assigned to release''' || 2.3 || |
| | 8 | || '''Resources''' || Available || |
| | 9 | |
| | 10 | == Overview == |
| | 11 | |
| | 12 | Apply permissions to metadata elements (not just records).[[BR]] |
| | 13 | |
| | 14 | Stage 1 – elements are not group related – apply to internet/public/intranet groups only[[BR]] |
| | 15 | Stage 2 – add additional granularity via interface (component 2)[[BR]] |
| | 16 | |
| | 17 | === Proposal Type === |
| | 18 | * '''Type''': GUI Change, Core Change, Module Change |
| | 19 | * '''App''': !GeoNetwork |
| | 20 | * '''Module''': Data Manager |
| | 21 | |
| | 22 | === Links === |
| | 23 | |
| | 24 | * '''Email discussions''': John Hockaday, Geoscience Australia suggested this on geonetwork-devel |
| | 25 | |
| | 26 | === Voting History === |
| | 27 | * None as yet |
| | 28 | |
| | 29 | ---- |
| | 30 | |
| | 31 | == Motivations == |
| | 32 | Move access/permissions control down to element level. |
| | 33 | |
| | 34 | == Proposal == |
| | 35 | 5 components to deal with: |
| | 36 | |
| | 37 | '''1.''' Template editor: additional controls for selecting elements that are to be hidden. Selected elements written to database on save/save and close.[[BR]] |
| | 38 | '''2.''' Need an additional permissions interface to associate groups with XPaths (stage 2 – more sophisticated users)[[BR]] |
| | 39 | '''3.''' Database changes: additional dependent table on OperationAllowed – OperationAllowedElements – schema: MetadataId, Xpath – related to OperationAllowed by MetadataId and GroupId[[BR]] |
| | 40 | '''4.''' Query table and retrieve XPaths based on GroupId of UserSession, apply XPaths to JDOM tree before record returned from service – add ISO attribute (gco:nilReason=”concealed”) for ISO records only – track down all locations where this can happen – could be possible to apply this in DataManager getMetadata[[BR]] |
| | 41 | '''5.''' Lucene index – concealed elements cannot be indexed because the index can be searched by anyone – the permissions systems is not applied until the record is displayed. The interesting outcome of leaving concealed info in the index is that a user could search and get a result on the concealed info but would not be able to see it when the record was displayed. [[BR]] |
| | 42 | |
| | 43 | |
| | 44 | |
| | 45 | === Backwards Compatibility Issues === |
| | 46 | |
| | 47 | Previous installations (2.2 and earlier) will need to migrate to a new database if they want to use this – the implementation could be made to tolerate the missing table if necessary. |
| | 48 | |
| | 49 | Harvesting from versions < 2.2 – filter is applied to conceal elements regardless of group. |
| | 50 | |
| | 51 | == Risks == |
| | 52 | |
| | 53 | == Participants == |
| | 54 | * As above |
| | 55 | |
