Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC Removal of default permissions #137

Closed
jirikuncar opened this issue Jul 4, 2016 · 5 comments · Fixed by #138
Closed

RFC Removal of default permissions #137

jirikuncar opened this issue Jul 4, 2016 · 5 comments · Fixed by #138
Labels
Type: discussion
Milestone
v1.0.0

Comments

@jirikuncar
Copy link
Member

Proposal

Can we remove invenio_records.permissions module as it is not recommended for large repositories to store per record access rights in invenio-access?

cc @inveniosoftware/triagers
@jirikuncar jirikuncar added this to the v1.0.0 milestone Jul 4, 2016
jirikuncar added a commit to jirikuncar/invenio-records that referenced this issue Jul 4, 2016
@jirikuncar
global: removal of access permissions
a3a5edc 
* Removes default permission factories using Invenio-Access module.
  (closes inveniosoftware#137)

Signed-off-by: Jiri Kuncar <[email protected]>
@tiborsimko
Copy link
Member

Indeed, we may want to recommend to use the collection concept instead. Note that this is touching the forthcoming "Invenio 3 Beta Access" sprint on how the recommended access control may look like; hopefully uniformly across services. E.g. CDS started to experiment with an alternative approach to collections... CERNDocumentServer/cds-videos#160 (comment)

jirikuncar added a commit to jirikuncar/invenio-records that referenced this issue Jul 4, 2016
@jirikuncar
global: removal of access permissions
b202f8a 
* Removes default permission factories using Invenio-Access module.
  (closes inveniosoftware#137)

Signed-off-by: Jiri Kuncar <[email protected]>
@nharraud
Copy link
Member

nharraud commented Jul 4, 2016

@jirikuncar I understand the need to remove the permission per record as it would bloat the database. However having a permission for reading, updating, deleting, creating ALL records can be useful. That way it is possible to create custom admin roles.

@tiborsimko I would be interested to see the suggested designs for permissions. We started some time ago a specification document for the permissions in B2Share. I would like to see how well these designs match our needs.
The code I see in the mentioned PR looks like what we where doing for the CloudView search engine and it worked well for search filtering.

jirikuncar added a commit to jirikuncar/invenio-records that referenced this issue Jul 4, 2016
@jirikuncar
global: removal of access permissions
2536136 
* Removes default permission factories using Invenio-Access module.
  (closes inveniosoftware#137)

Signed-off-by: Jiri Kuncar <[email protected]>
jirikuncar added a commit to jirikuncar/invenio-records that referenced this issue Aug 2, 2016
@jirikuncar
global: removal of access permissions
8b8e9d0 
* Removes default permission factories using Invenio-Access module.
  (closes inveniosoftware#137)

Signed-off-by: Jiri Kuncar <[email protected]>
@jirikuncar jirikuncar mentioned this issue Aug 2, 2016
Closed
6 tasks
@nharraud
Copy link
Member

nharraud commented Aug 2, 2016

Ok for removing the permissions from invenio-records. As there are different kind of records (ex: deposits), having generic records permissions does not make sense anymore.

@tiborsimko
Copy link
Member

I'd be also in favour of decoupling permissions better... But let's see @lnielsen's original use case for including it here and @egabancho`s RFC inveniosoftware/invenio-access#70

@jirikuncar jirikuncar mentioned this issue Aug 3, 2016
Merged
@lnielsen
Copy link
Member

lnielsen commented Aug 4, 2016

I think we can remove it, but I would appreciate if you could test out #138 on Zenodo. Basically, install Zenodo with #138, and run the tests.

Just to ensure that there's no collateral damage from making this change.

@lnielsen lnielsen mentioned this issue Aug 4, 2016
Merged
jirikuncar added a commit to jirikuncar/invenio-records that referenced this issue Aug 8, 2016
@jirikuncar
global: removal of access permissions
350dee1 
* Removes default permission factories using Invenio-Access module.
  (closes inveniosoftware#137)

Signed-off-by: Jiri Kuncar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: discussion
Projects
None yet
Milestone
v1.0.0
Development

Successfully merging a pull request may close this issue.

global: removal of access permissions jirikuncar/invenio-records
4 participants
@jirikuncar @tiborsimko @lnielsen @nharraud