Project

General

Profile

feature request #6867

Updated by Andreas Kohlbecker over 1 year ago

After an in depth discussion in #4305 we decided that for phyconbank the strategy **D)** (per instance UPDATE & DELETE permission) would be the most appropriate:

* a submitter will the per instance UPDATE+DELETE permission when he creates a Reference, TeamOrPersonBase, Name instance.
* once a registration is set to the states `rejected`, `ready` or `published` the UPDATE+DELETE permission must be revoked again, so that the registered name and references are protected from being changed after the editing registration workflow has ended.

~~The `RegistrationManager` (#6655) will be responsible for assigning and revoking of authorities.~~ **NOTE**: It is more reliable to implement the revoking of permissions in a **`GrantedAuthorityRevokingRegistrationUpdateListener`** which has been implemented with for #7148 in commit:cdm-vaadin|af48539c

----

For the future is might be good idea to move the assignment of authorities into the cdmlib istelf:

* A `ExtendedCreatePermissionManager`. This implements listener interfaces
* hibernate `SaveOrUpdateEventListener` or `Interceptor` to be able to act when a newly created instance of *Reference, TeamOrPersonBase, Name, ...* is being saved, see #7147
* `RegistrationStateChangeEventLister` to be noticed when the registration state is changed to `rejected`, `ready` or `published` so that the permissions can be revoked. ==> this has been implemented as Hibernate PostUpdateEventListener the `GrantedAuthorityRevokingRegistrationUpdateListener` **DONE**

Back

Add picture from clipboard (Maximum size: 40 MB)