feature request #6867 closed
explicitly assign and revoke UPDATE & DELETE permission per entity in the registration workflow
After an in-depth discussion in #4305 we decided that for phycobank the strategy D) (per instance UPDATE & DELETE permission) would be the most appropriate:
- a submitter will get the per instance UPDATE+DELETE permission when creating a Reference, TeamOrPersonBase, Name instance.
- once a registration is set to the states published, the UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended.
The RegistrationManager (#6655) will be responsible for assigning and revoking of authorities.
NOTE: It is more reliable to implement the revoking of permissions in a GrantedAuthorityRevokingRegistrationUpdateListener which has been implemented for #7148 in cdm-vaadin|af48539c
For the future it might be a good idea to move the assignment of authorities into the cdmlib itself:
- ExtendedCreatePermissionManager. This implements listener interfaces
  - Interceptor to be able to act when a newly created instance of Reference, TeamOrPersonBase, Name, ... is being saved, see #7147
  - RegistrationStateChangeEventLister to be notified when the registration state is changed to published so that the permissions can be revoked. ==> this has been implemented as Hibernate PostUpdateEventListener the
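The grant-on-create and revoke-on-published lifecycle described in this ticket, as an added example that is not code from cdmlib or cdm-vaadin. All type and method names and the PREPARATION state are hypothetical; it models the listeners as plain static methods and needs Java 16 or later for records.

```java
import java.util.*;

// Hypothetical, self-contained model of strategy D; none of these types are cdmlib classes.
public class PerInstanceAuthorityDemo {
    enum Op { UPDATE, DELETE }
    enum State { PREPARATION, PUBLISHED }   // PREPARATION is a constructed placeholder state

    // One per-instance grant: a single operation on a single entity instance.
    record Grant(UUID entity, Op op) {}

    static final Map<String, Set<Grant>> grantsByUser = new HashMap<>();

    // Called when a submitter saves a newly created Reference, TeamOrPersonBase or Name.
    static void onCreate(String submitter, UUID entity) {
        Set<Grant> grants = grantsByUser.computeIfAbsent(submitter, k -> new HashSet<>());
        for (Op op : Op.values()) grants.add(new Grant(entity, op));
    }

    // Called after a registration update; revokes only on the transition to PUBLISHED.
    static void onStateChange(State newState, Collection<UUID> registeredEntities) {
        if (newState != State.PUBLISHED) return;
        // Revoke for every user, not only the submitter, so no stale grant survives.
        for (Set<Grant> grants : grantsByUser.values())
            grants.removeIf(g -> registeredEntities.contains(g.entity()));
    }

    static boolean mayEdit(String user, UUID entity, Op op) {
        return grantsByUser.getOrDefault(user, Set.of()).contains(new Grant(entity, op));
    }

    public static void main(String[] args) {
        // Constructed sample data: two entities of one registration, one unrelated draft.
        UUID name = UUID.randomUUID(), reference = UUID.randomUUID(), draft = UUID.randomUUID();
        onCreate("submitter", name);
        onCreate("submitter", reference);
        onCreate("submitter", draft);
        System.out.println("before publish, UPDATE name: " + mayEdit("submitter", name, Op.UPDATE));
        onStateChange(State.PUBLISHED, List.of(name, reference));
        System.out.println("after publish, UPDATE name: " + mayEdit("submitter", name, Op.UPDATE));
        System.out.println("after publish, DELETE reference: " + mayEdit("submitter", reference, Op.DELETE));
        System.out.println("unrelated draft, UPDATE: " + mayEdit("submitter", draft, Op.UPDATE));
        System.out.println("other user, UPDATE name: " + mayEdit("other", name, Op.UPDATE));
    }
}
```

Revocation is keyed on the entities attached to the published registration, so grants on the submitter's other, still editable instances are left in place.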