Dear Devin,
In data Thursday 19 March 2009, Devin Bougie scribacchiaste dette parole:
> Is it possible to authorize the submitter of a record to take an
> action over a doctype? For example, we have created a photoadmin role
> that is authorized to "submit" over doctype "PICTURE" and act "MBI"
> and "SRV". This works properly for the users added to the
> "photoadmin" role, but also prevents the user that submitted a PICTURE
> document from taking these actions. We would still like the user that
> submitted the document to be able to modify the record or submit a new
> file.
if you protect via WebAccess the "MBI-SRV" act of the "submit" WebAccess
action, only user authorized by WebAccess will be able to perform it.
WebAccess is not able to read the MARC and check if the current user is also
the submitter. Hence protecting a doctype/act directly with WebAccess, won't
let the submitter to be authorized.
However, you can decide to not protect directly via WebAccess you desired
doctype/act, or to protect it via a larger authorization which will include
also the possible submitter, and later to add in the submission function
chain, for PICTURE/MBI-SRV, the WebSubmit function "Is_Original_Submitter".
This function will check both if the user is authorized to perform the action
and if the user is the original submitter.
Best regards,
Samuele
--
Samuele Kaplun ** CERN Document Server ** <http://cds.cern.ch/>
