#211: Enhancing per document protection
----------------------------------+-----------------------------------------
Reporter: skaplun | Owner: skaplun
Type: enhancement | Status: new
Priority: major | Milestone: v1.1
Component: WebAccess | Version:
Keywords: BibDoc authorization |
----------------------------------+-----------------------------------------
Currently the only way to protect a document (i.e. a BibDoc) is by
specifying a value in the ```STATUS``` column of the ```bibdoc``` table,
which should then be matched with authorizations for the
```viewrestrdoc``` WebAccess action.
It is sometimes necessary to protect each document with a unique
protection (e.g. to authorize only a mailing list created after the
reportnumber of a given record).
Currently that means that if you need a different restriction per
document, you end up with creating each time an authorization and each
time a new WebAccess ```role```.
This might impact on the general performance and usability of WebAcess.
I prose here that the ```STATUS``` semantic should be enhanced to allow
for also specifying:
* '''email''' of the user authorized
* '''group''' for local/external groups
* '''e-group''' (shortcut for CERN e-group)
* '''role''' for a WebAccess role
* '''firerole''' for a firerole like definition
* '''status''' for the current interpretation
The syntax to use might be:
{{{
type: string
}}}
where ```type``` is one among: '''email''', '''group''', '''e-group''',
'''role''', '''firerole''', '''status''', and ```string``` is the actual
value.
{{{
e-group: foo
}}}
will be a shortcut for:
{{{
group: foo [CERN]
}}}
For backward compatibility when "```type: ```" is omitted this will have
the same meaning of "```status: string```".
--
Ticket URL: <http://invenio-software.org/ticket/211>
Invenio <http://invenio-software.org>
