Refactor permissions
Refactoring the permission-related fields as discussed in #580 (closed)
-
Upload.user_id
andEntryMetadata.uploader
are renamed tomain_author
- It becomes possible to set coauthors on both the upload and the entry level. The fields are named
coauthors
andentry_coauthors
, respectively.-
NOTE 1: The field
coauthors
was previously defined on the entry level, but now it is set on the upload level. -
NOTE 2: we prefer users to use the field
coauthors
on the upload level, and if possible it would be nice to get rid of theentry_coauthor
field eventually.
-
NOTE 1: The field
- The field
Calc.shared_with
is renamed and moved toUpload.reviewers
(the name change is to make it more clear that they only have read permissions, now that there will potentially be multiple readers and writers) - The derived field
EntryMetadata.owners
is renamed toviewers
(also to make it clearer that these are the users who can read the data). The field is defined asmain_author
+coauthors
+reviewers
. - Introduces a new derived field
EntryMetadata.writers
to denote users who can write to the upload. Defined asmain_author
+coauthors
- The derived field
EntryMetadata.authors
is defined asmain_author
+coauthors
+entry_coauthors
-
NOTE: being in the
entry_coauthors
doesn't give you any permissions, neither to read from or to write to the upload. It only means you're listed as an author in the search index. This is the point, because we want the permissions to be determined at the upload level, so you either have read/write access to the whole upload or not (would be messy to have different permissions to different entries within the same upload)
Edited by David Sikter