Hi Iliya, thanks for trying out Mayan EDMS and for your suggestions. There is explicit support for the situation you mentioned. The 3 tier access control can be used to control access to specific documents but can also be used to set a default access control list for a class of objects, which will be applied when another instance of that object class is created.

For this case go to the "Setup menu", "Default ACLs", from the list go to "Documents" and select "New Holder". Scroll to the bottom of the list and you will see two special users: "Creator" and "Anonymous". Give the "Creator" user the permissions you want the person who uploads the document to have. Finally, create a new role (i.e. uploaders) which has the document create permission and add users or groups to that role.

This solves the situation for new documents; for existing documents, manual editing of each document's ACL would still have to be done. I've been trying out ideas for mass editing of ACLs but haven't come to a solution I like.

I liked your idea of having the uploader username linked somewhere with the document. I will look into implementing this.

Thanks,
/Roberto

On Monday, July 2, 2012 9:14:22 AM UTC-4, Iliya Georgiev wrote:
> Hello,
>
> Mayan is excellent software and I hope that I will contribute somehow
> to the project. I have a practical problem that might happen to
> others.
>
> I am trying to apply permissions in Mayan for the following:
>
> Each user must have access only to the documents that he had
> uploaded.
>
> Reading the documentation and making several tests, I first came to
> the conclusion that it will be hardly achieved without writing a new
> app for Mayan. Using the 3 tier access control it is possible to grant
> access of a user to a particular document. But only after it is
> uploaded. It cannot be done automatically. For lots of users, manual
> assignment of documents to users is a pain.
>
> But after playing for a while with Mayan I have an idea how to achieve
> the rule:
>
> If the user X uploaded document A, then give permission of user X to
> view document A.
>
> 1. Create a role with the permissions create/view documents and smart
> link view.
>
> 2. Create a group named Individuals.
>
> 3. Attach the role to group Individuals.
>
> 4. Add user X to group Individuals.
>
> 5. Create a metadata type named "Uploader_name" with default value user
> name (or user Id). It is achieved by a function that will call the
> currently logged-in user. For now the only supported default value is
> the function current_date(). The other available option is to use data
> from the User model. So the functionality is not available yet, but it
> seems possible to achieve this with a few lines of code.
>
> 6. Create a Smart Link that will show only documents to users that have
> the same username as the "Uploader_name" value. Currently the available
> variables are Properties and Metadata. Here I have to evaluate if it
> is possible.
>
> 7. Create an Access Control List (ACL) for the Smart Link with holder
> "Individuals". In this way user X and all other users in this group
> will inherit the permissions create/view documents and view smart
> links. But with the restriction to view only documents that meet the
> rule of the Smart Link.
>
>
> So am I on the right path? I was thinking to hardcode the uploader
> name in some model, maybe document properties, but the flexibility of
> metadata looks handy.
>
>
> Regards,
>
> Iliya
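
The default-ACL behaviour described in the reply above, as an added example that is not part of the original thread and is not Mayan EDMS code: a simplified Python model in which a per-class default ACL with a "Creator" placeholder is copied onto each newly created document, while documents that already existed are left untouched. The `Store` class, the `CREATOR` placeholder and the permission names `document_create` and `document_view` are hypothetical.

```python
from dataclasses import dataclass, field

CREATOR = "<Creator>"  # hypothetical placeholder holder, resolved at creation time

@dataclass
class Document:
    name: str
    acl: dict = field(default_factory=dict)  # holder -> set of permissions

class Store:
    def __init__(self):
        self.default_acls = {}   # object class -> {holder: permissions}
        self.role_perms = {}     # role -> permissions granted on every object
        self.role_members = {}   # role -> set of user names
        self.documents = []

    def _has_role_perm(self, user, perm):
        return any(perm in perms and user in self.role_members.get(role, ())
                   for role, perms in self.role_perms.items())

    def upload(self, user, name):
        # The role only gates creation; it grants no view access by itself.
        if not self._has_role_perm(user, "document_create"):
            raise PermissionError(f"{user} may not create documents")
        doc = Document(name)
        # Copy the class default ACL onto the new instance, substituting
        # the actual uploader for the Creator placeholder.
        for holder, perms in self.default_acls.get("Documents", {}).items():
            doc.acl[user if holder == CREATOR else holder] = set(perms)
        self.documents.append(doc)
        return doc

    def can(self, user, perm, doc):
        return perm in doc.acl.get(user, set()) or self._has_role_perm(user, perm)

def demo():
    s = Store()
    s.role_perms["uploaders"] = {"document_create"}
    s.role_members["uploaders"] = {"x", "y"}
    old = Document("legacy.pdf")          # constructed: existed before the default ACL
    s.documents.append(old)
    s.default_acls["Documents"] = {CREATOR: {"document_view"}}
    new = s.upload("x", "a.pdf")
    return s, old, new

if __name__ == "__main__":
    s, old, new = demo()
    for user in ("x", "y"):
        print(user, "view new:", s.can(user, "document_view", new),
              "view old:", s.can(user, "document_view", old))
```

The pre-existing document ends up with no entry for anyone, which is the gap the reply says still has to be closed by editing each document's ACL by hand.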
