Hello, Mayan is excellent software and I hope that I will contribute somehow to the project. I have a practical problem that might happen to others.
I am trying to apply permissions in Mayan for the following: Each user must have an access only to the documents that he had uploaded. Reading the documentation and making several tests I firstly came to the conclustion that it will be hardly achieved without writing new app for Mayan. Using a 3 tier access control it is possible to grant access of a user to a particular document. But only after it is uploaded. It cannot be done automatically. For lots of users manual assigment of documents to users is a pain. But after playing for a while with Mayan I have an idea how to achieve the rule: If the user X uploaded document A, then give permission of user X to view document A. 1. Create a role with the permissions create/view documents and smart link view. 2. Create group named Individuals 3. Attach the role to group Individuals 4. Add user X to group Individuals. 5. Create metadata type named "Uploader_name" with default value user name (or user Id). It is achieved by function that will call the currently logged-in user. For now the only supported default value is the function current_date(). The other available option is to use data from User model. So the functionality is not available yet, but it seems possible to achieve this with few lines of code. 6. Create Smart Link that will show only documents to users that have the same username as "Uploader_name" value. Currently the available variables are Properties and Metadata. Here I have to evaluate if it is possible. 7. Create Access Control List (ACL) for the Smart Link with holder "Individuals". In this way user X and all other users in this group will inherit the permissions create/view documents and view smart links. But with the restriction to view only documents that meet the rule of the Smart Link. So am I on the right path? I was thinking to hardcode the uploader name in some model, maybe document properties, but the flexibility of meta data looks handy. Regards, Iliya
