Phase I: Discrete display / edit assertions to replace “and below” permissions for fields
We want to have discrete assertions for saying that a role is able to display and/or edit a field, rather than the current hiddenFromDisplayBelowRoleLevelAnnot / prohibitedFromUpdateBelowRoleLevelAnnot. This will also involve changing admin screens that provide a display level / update level to allow for a checkbox based assertion of multiple roles, rather than a drop-down / radio button.
Phase II: Create an upgrade script to replace the existing “and below” permissions
In order to push these changes to existing triple stores, we will create a script process that will rewrite existing “DisplayBelow / UpdateBelow” assertions into the equivalent granting of rights to the existing roles. We will also update the default definitions in the home folder for creating a new Vitro / VIVO instance.
Phase III: Remove hardcoded references to role levels from the Java code
Now, there shouldn’t be anything left that assumes the inherited model of role authorisation. Once that is confirmed, we can externalise the role level definitions from the BaseResourceBean (and the PermissionSets uris?), and have the available roles defined entirely by configuration.
Phase IV: Role-oriented control panel for enabling/disabling permissions
Simple control panel(s) for setting the permissions for roles across multiple fields, in addition to editing permissions on a field-by-field basis (a grid of checkboxes, fields on one axis, roles on the other.)
- Ontology editor
- Page management (tbd.)
Phase V: Control panel for creating new roles
- Generate dynamic list of all existing roles
- Test, if multiple roles are shown in the user account table
- Develop a matrix / table view to allow to administrate the set of rights belonging to a property or class in the ontology editor.
Checkboxes for each role for all the three permissions (display, update, publish)