[daisy] Publish immediately & no publishing permissions in document editor

Paul Focke paul at outerthought.org
Fri Jun 6 12:03:53 CEST 2008 

You know, I was dreaming about this just the other day. My mind wandered
to a javascript client implementation of the Access Manager. Since
certain rights can be prohibited or permitted by changing field values,
collections and what not the Access Manager would have to be consulted
every time an ACL sensitive field is changed.

Lets sum up the rights a user can have
 * read : if a user should lose his/her read access then I believe the
editor should be warned and told what is causing this. I haven't given
the case of restricted read access any thought ( where a user can see
the document but not certain parts,fields,indexes,...)
 * write : no write access gets the same warning as about and maybe
disable the save button, since saving will probably cause an exception
(no 100% sure about that)
 * delete : not really an issue
 * publish : if a user can publish then the publish checkbox should
become unchecked and disabled.

A client side access manager. The ACL is basically quite simple a bunch
of rules describing what a user can/can't do. These rules could be taken
up into the browser but there is just one pain. The 'if' part of each
rule is in the daisy expression language. This would have to parsed and
then checked to see if the rule does (not) match the document. So this
would mean modeling the following in javascript
 * the daisy document (maybe limited to acl sensitive stuff) : the
object would change every time a change is made in the editor
 * acl rules : with all the parsed expressions
 * user : this little object already exists somewhere

Another way to go about this would be regularly check the access manager
in the backend (think AJAX). This would mean calls going all the way
back to the repository. Sending 'large' heaps of data to the repository
at regular intervals will cause quite a bit of overhead but it has the
advantage of not having to maintain the access logic in two places.

Anyway there's food for thought here. What do you guys think?

Paul

On Fri, 2008-06-06 at 11:01 +0200, Karel Vervaeke wrote:
> It is currently not possible to do that using styling, so there would be
> some more work involved.
> 
> There is one little catch: you can't really be sure that the user will
> be allowed to publish unless you have the complete document information
> (e.g. an Acl entry might deny publish rights if the document exceeds a
> particular amount of bytes).  Don't worry too hard though: (a) this is a
> bordercase and (b) one could work around this by submitting the document
> temporarily by hitting the html cleaner button or by going back and
> forth to another tab in the editor.
> 
> Anyway, now for the implementation part:
> 
> look for publishImmediately in documenteditor.xml, you will either want
> to
> (a) hide the checkbox if the user is not allowed to publish
> (b) make the checkbox unchecked + disabled
> (c) just display a warning if the user tries to uncheck it.
> 
> in DocumentEditorApple.java, add something like this: (copied from
> LocalDocumentStrategy.store(...)
> 
> AclResultInfo newAclInfo =
> context.getCommonRepository().getAccessManager().getAclInfoOnLive(systemUser, documentInt.getCurrentUser().getId(),documentInt.getCurrentUser().getActiveRoleIds(), document);
> 
> boolean canPublish = newAclInfo.isAllowed(AclPermission.PUBLISH);
> 
> (put the canPublish parameter in the viewData so you can use it in the
> documenteditor.xml template)
> 
> This seems like a general improvement, so feel free to create a Jira
> issue.  Don't forget to attach a patch if you implement this.
> 
> Regards,
> Karel
> 
> 
> On Thu, 2008-06-05 at 22:40 +0100, Iolanda Da Costa Martins wrote:
> > I have a Document Collection where a certain role does not have publishing permissions.
> >  
> > However, a user acting in that role can still see the 'publish immediately' check box/label and check it before saving. I know that it does not work: ie, if the save option is selected but the user does not have such permissions, the result will be a new draft version, not publish version.
> >  
> > I would like to do is to hide away that option when the ACL says that the publish permission is denied. 
> >  
> > I know how I can filter out stuff based on ACL in the menus, but I can not find a way of doing this in the editor.
> >  
> > Cheers,
> >  
> > Iolanda
> > Chordiant Software International Ltd. Registered office: Chiswick Park Building 10, 566 Chiswick High Road, London W4 5XS Registered in UK no. 02155722 and VAT no. GB 479 9023 02 The information transmitted herewith is sensitive information of Chordiant Software or its customers and is intended only for use to the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon, this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
> > _______________________________________________
> > daisy community mailing list
> > Professional Daisy support: http://outerthought.org/en/services/daisy/support.html
> > mail to: daisy at lists.cocoondev.org
> > list information: http://lists.cocoondev.org/mailman/listinfo/daisy
> _______________________________________________
> daisy community mailing list
> Professional Daisy support: http://outerthought.org/en/services/daisy/support.html
> mail to: daisy at lists.cocoondev.org
> list information: http://lists.cocoondev.org/mailman/listinfo/daisy

More information about the daisy mailing list