Project

General

Profile

feature request #6867

Updated by Andreas Kohlbecker over 6 years ago

After an in depth discussion we decided that for phyconbank the strategy **D)** D) (per instance UPDATE & DELETE permission) would be the most appropriate: 

 * a submitter will the per instance UPDATE+DELETE permission when he creates a Reference, TeamOrPersonBase, Name instance. 
 * once a registration is set to the states `rejected`, `ready`    rejected, ready or `published` published the    UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended. 

 The `RegistrationStateManager` RegistrationStateManager (#6655) could therefore be responsible for revoking authorities. Assignment of authorities however should not be managed in this state machine: 

 * implement a `ExtendedCreatePermissionManager`. This implements two listener interfaces 
   * hibernate `SaveOrUpdateEventListener` to be able to act when a newly created instance of *Reference, TeamOrPersonBase, Name* is being saved 
   * `RegistrationStateChanegEventLister` to be noticed when the registration state is changed to `rejected`, `ready`    or `published` so that the permissions can be revoked. 

 machine.

Back