Model Permissions

Paolo Ciccarese edited this page Apr 29, 2015 · 22 revisions

Smart Storage supports access control by allowing each annotation to carry the permission info that determines who can see, comment on or edit that annotation.

Following the example of the Annotator.js permissions plugin, Smart Storage allows for four levels of permissions:

  • read: Who can view the annotation
  • update: Who can edit the annotation
  • delete: Who can delete the annotation
  • comment: Who can comment on the annotation
  • admin: Who can change these permissions on the annotation

So the permissions can be specified as follows:

{
    ...
    "@type": "oa:Annotation",
    ...
    "permissions": {
        "read": [..IDs..],
        "admin": [..IDs..],
        "update": [..IDs..],
        "delete": [..IDs..],
        "comment": [..IDs..]
    }
}

Where:

  • IDs can be IDs of users and/or groups.
  • an empty array (no IDs) means that anyone can perform that action.

Controlled public annotation (default)

Everyone can see the annotation but only the author can update (edit), delete or administer the annotation.

{
    ...
    "@type": "oa:Annotation",
    ...
    "annotatedBy": {
        "@id": "http://orcid.org/0000-0002-5156-2703",
        "@type": "foaf:Person",
        "name": "Paolo Ciccarese"
    },
    ...
    "permissions": {
        "read": [],
        "admin": ["user:http://orcid.org/0000-0002-5156-2703"],
        "update": ["user:http://orcid.org/0000-0002-5156-2703"],
        "delete": ["user:http://orcid.org/0000-0002-5156-2703"],
        "comment": ["user:http://orcid.org/0000-0002-5156-2703"]
    }
}

Note: If no permission is defined for an annotation, the permissions will be set up as 'Controlled public annotation'.

Fully public annotation (not recommended)

Everyone can see, update (edit), delete or administer the annotation.

{
    ...
    "@type": "oa:Annotation",
    ...
    "permissions": {
        "read": [],
        "admin": [],
        "update": [],
        "delete": [],
        "comment": []
    }
}

Private annotation

Only the user who created the annotation can see, update (edit), delete or administer the annotation.

{
    ...
    "@type": "oa:Annotation",
    ...
    "annotatedBy": {
        "@id": "http://orcid.org/0000-0002-5156-2703",
        "@type": "foaf:Person",
        "name": "Paolo Ciccarese"
    },
    ...
    "permissions": {
        "read": ["user:http://orcid.org/0000-0002-5156-2703"],
        "admin": ["user:http://orcid.org/0000-0002-5156-2703"],
        "update": ["user:http://orcid.org/0000-0002-5156-2703"],
        "delete": ["user:http://orcid.org/0000-0002-5156-2703"],
        "comment": ["user:http://orcid.org/0000-0002-5156-2703"]
    }
}

Group annotation

Everyone in the group can see, update (edit), and comment on the annotation. Only the creator can administer and delete:

{
    ...
    "@type": "oa:Annotation",
    ...
    "annotatedBy": {
        "@id": "http://orcid.org/0000-0002-5156-2703",
        "@type": "foaf:Person",
        "name": "Paolo Ciccarese"
    },
    ...
    "permissions": {
        "read": ["group:043773d146297744014629775ea40013"],
        "admin": ["user:http://orcid.org/0000-0002-5156-2703"],
        "update": ["group:043773d146297744014629775ea40013"],
        "delete": ["user:http://orcid.org/0000-0002-5156-2703"],
        "comment": ["group:043773d146297744014629775ea40013"]
    }
}
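
How the rules on this page evaluate in practice, as an added example (not Smart Storage's own code): an access check that applies the empty-array rule and the 'Controlled public annotation' default, plus a check that lists modifying actions left open to anyone. The function names, the sample principals and the fail-closed handling of a missing permission key are assumptions.

```javascript
// Added example, not Smart Storage code. Principals are strings such as
// "user:<id>" or "group:<id>", as in the permission blocks on this page.
const ACTIONS = ["read", "update", "delete", "comment", "admin"];

// 'Controlled public annotation': the default when no permissions are defined.
function defaultPermissions(author) {
  return { read: [], admin: [author], update: [author], delete: [author], comment: [author] };
}

function effectivePermissions(annotation, author) {
  return annotation.permissions || defaultPermissions(author);
}

// principals: the caller's own "user:..." ID plus any "group:..." IDs it belongs to.
function isAllowed(annotation, author, action, principals) {
  if (!ACTIONS.includes(action)) return false;   // unknown action: deny
  const list = effectivePermissions(annotation, author)[action];
  if (!Array.isArray(list)) return false;        // assumption: a missing key fails closed
  if (list.length === 0) return true;            // empty array: anyone may act
  return principals.some((p) => list.includes(p));
}

// Lists the modifying actions that an empty array leaves open to anyone.
function openWriteActions(annotation, author) {
  const perms = effectivePermissions(annotation, author);
  return ["update", "delete", "admin"].filter(
    (a) => Array.isArray(perms[a]) && perms[a].length === 0);
}

// Constructed sample data modelled on the page's examples.
const AUTHOR = "user:http://orcid.org/0000-0002-5156-2703";
const GROUP = "group:043773d146297744014629775ea40013";
const groupAnnotation = { "@type": "oa:Annotation", permissions: {
  read: [GROUP], admin: [AUTHOR], update: [GROUP], delete: [AUTHOR], comment: [GROUP] } };
const fullyPublic = { "@type": "oa:Annotation", permissions: {
  read: [], admin: [], update: [], delete: [], comment: [] } };
const noPermissions = { "@type": "oa:Annotation" };   // falls back to the default
const member = ["user:example-member", GROUP];        // hypothetical group member
const stranger = ["user:example-stranger"];           // hypothetical outsider

console.log(isAllowed(groupAnnotation, AUTHOR, "update", member));  // group may edit
console.log(isAllowed(groupAnnotation, AUTHOR, "delete", member));  // only the creator deletes
console.log(openWriteActions(fullyPublic, AUTHOR));                 // actions open to anyone
```

Running `openWriteActions` over stored annotations is one way to find records that were saved with the fully public layout.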