Jerome has nicely defined the various cases, but, what I'm also trying to say here is the Is_original_submitter as it is now in the demo site has no real usage because the check for 'modifier-admin' who can edit anything is based on the MBI on doctype webaccess role. All users who can see the modification form have this role! So no matter if they are original submitters or not, they end up being able to modify the record (with just an additional warning)! Even if one wants to improve this functionality, he stumbles on the lack of the proper 'modifier-admin' role.
So, if i'm not mistaken and you agree, a new role/action and a new authorization check should be introduced in the invenio demo site if one wants to check for 'is modifier-admin' property in addition to 'has modify permissions for this doctype' and 'is original submitter'. Best regards, Theodoros 11 Ιουν 2013, 9:37, ο/η Jerome Caffaro<jerome.caff...@cern.ch> έγραψε: > Dear Theodoros, > > On 10. 06. 13 22:43, Theodoros Theodoropoulos wrote: >> I'm creating some custom websubmit functions to handle local needs when >> it comes to ability to Modify an existing record (similar to >> Is_Original_Submitter)[...] > > I think you have well understood and summarized the behaviour of this > function in your description. > > * WITHOUT WebAccess authorization for MBI and \ > WITHOUT Is_Original_Submitter > => ANYONE can modify > > * WITH WebAccess authorization for MBI and \ > WITHOUT Is_Original_Submitter > => USERS CONTROLLED BY WEBACCESS can modify > > * WITH WebAccess authorization for MBI and \ > WITH Is_Original_Submitter > => USERS CONTROLLED BY WEBACCESS can modify (with warning displayed > if not original submitter) > > * WITHOUT WebAccess authorization for MBI and \ > WITH Is_Original_Submitter > => ORIGINAL SUBMITTER can modify > > (Please someone correct the above if I am wrong!) > > As an example, out of the (about) hundred submission workflows of the > CERN Document Server, only one uses the Is_Original_Submitter > function. Other workflows use custom functions tuned to check > authorizations (in addition to other various validations). > > Best regards > -- > Jerome Caffaro ** CERN Document Server ** <http://cds.cern.ch/> >
