Skip to content
This repository has been archived by the owner on Nov 9, 2022. It is now read-only.

Enable users to control permissions during merging #202

Open
dmcassel opened this issue Oct 15, 2018 · 3 comments
Open

Enable users to control permissions during merging #202

dmcassel opened this issue Oct 15, 2018 · 3 comments
Labels
enhancement New feature or request

Comments

@dmcassel
Copy link
Contributor

Configuration will control the permissions that get applied to documents at various times. Configuration will be part of the merge options.

  <algorithms xmlns="http://marklogic.com/smart-mastering/merging">
    <permissions >
      <on-merge function="union" at="/some/dir/code.xqy" ns="some-namespace"/>
      <on-archive function="no-change" at="/some/dir/code.xqy" ns="some-namespace"/>
      <on-no-match function="no-change" at="/some/dir/code.xqy" ns="some-namespace"/>
      <on-notification function="union" at="/some/dir/code.xqy" ns="some-namespace"/>
    </permissions >
  </algorithms>

The on-merge strategy will determine what permissions are applied to newly created merged documents. Default strategy: union of all permissions on source documents, plus $const:CONTENT-COLL. Comment if there's interest in having an intersection plus $const:CONTENT-COLL strategy available out of the box.

The on-archive strategy will determine what permissions are applied to documents that get archived (merged into other documents). Default strategy: no change to permissions.

The on-no-match strategy will determine what permissions are applied to documents passed to process:process-match-and-merge but do find any matches. Default strategy: no change to the document's permissions.

The on-notification strategy will determine what permissions are applied to newly created notification documents. Default strategy: notification documents will get the union of the source document permissions.

For each type of permission strategy, we'll define an API that can be used to make custom strategies.
@dmcassel dmcassel added the enhancement New feature or request label Oct 15, 2018
@freshie
Copy link

freshie commented Dec 6, 2018
edited
Loading

This came up yesterday at a customer. They want to be able to control permissions like collections can be controlled. Something like this.

<permissions>
        <on-archive>
          <remove>
            <permission capability="read">permission-mastered</permission>
          </remove>
          <add>
            <permission capability="read">permission-archive</permission>
          </add>
        </on-archive>
        <on-merge>
          <remove>
            <permission capability="read">permission-harmonized</permission>
          </remove>
          <add>
            <permission capability="read">permission-mastered</permission>
            <permission capability="read">permission-smAdmin</permission>
            <permission capability="update">permission-smAdmin</permission>
          </add>
        </on-merge>
</permissions>

@aajacobs
Copy link
Contributor

aajacobs commented Dec 6, 2018

@freshie Thanks for sharing. It confirms the idea that controlling custom permissions should follow the same pattern as controlling custom collections.

@popzip
Copy link

popzip commented Dec 7, 2018

Can you give an example scenario to give context and for testing? eg what is the use case, what permissions and logic do they want to apply?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dmcassel @freshie @popzip @aajacobs