Multi user system stage 1

[BBGuy]

Business needs

This will involve the creation of roles supporting three levels of users.

• Visitor - Can view data
• Asset Author - can create assets and edit his own assets
• Kendra admin - can edit & create any content
  We currently need to approve users so we should :
• create an admin screen for approving users and assigning roles (low priority). - moved to Multi user system stage 2 #61
• Related issue prototype site pages #25 remaining tasks are related to this.
  Points to consider
• We can add the ability to link a user to a legal entity (Kendra admin only) - stage 2 as this is not a simple direct relation.

At a later stage we will look at more granular permission system based on asset management & usage this will be much more application specific and will tie in to the versioning and conflict resolution.

Technical implantation

Kendra admin

Manage all aspects of the Kendra system (in the future we will have more granular roles)
using the existing unused kendra role

• create "Test kendra admin" account
• Set permissions - all Asset Author + ....
• Test & review - this is tested & working for asset actions but need to be tested with create all other site functionality. - only issue is with terms see below

Asset Author

A user that can create new Assets and edit his own assets.

• create 'Asset Author' role
• create "test Asset Author" account
• Set permissions see "Permissions for Asset Author" below
• review permissions see "Permissions for Asset Author" below
• Use views plugin to create a new views access handler - "Asset owner"
• Deploy views plugin (see below)
• Resolve permissions issues for rule link see "Permissions for Asset Author" below we can maybe use a rule condition using the same function as the view one. - this is specially an issue for the weight adjustment.

Visitor

One with an account approved by a Kendra admin - can see all data but can not add or change
using the built in authenticated user role

• Add a block at the top of "Create new account" that says "Account application" - "by submitting the form you will create an account request that will need to be authorized by one of the site administrators" or similar.
• create "test visitor" account
• clean interface - by default this role has only permissions to view however some of the interface like the "add asset" button may suggest otherwise" - moved to Multi user system stage 2 #61

[BBGuy]

Permissions for Asset Author

Node

Asset: Create new content
Asset: Edit own content
Contribution: Create new content
Contribution: Edit own content
Contribution: Delete own content
Event: Create new content
Event: Edit own content
Event: Delete own content
Legal Entity: Create new content ?
not- Asset: Delete own content ?

Rule links

Those all have issues and we need to find a way to resolve in one of two ways or more then likely we need both a) for security b) for UX :
a) Add a condition to the role that understands the business logic of Kendra
b) Exclude from rendering

• "Add contribution: Execute rules link" - displays on all assets can only be used on owned assets
• "Increase contribution weight: Execute rules link" &
• "Decrease contribution weight: Execute rules link" - displays and works on all assets
• "New Embedded Asset (sub clip): Execute rules link" - displays and works on all assets
• "Embed a Sample: Execute rules link"

views:

admin/structure/views/view/asset_actions/edit/block

[BBGuy]

I create a new module "Kendra user" that adds a views plug in to be used with the "Asset actions" view
to deploy

• push to dev
• Sync dev from live
• Enable module and update view
• Test
• merge to master & update view
• Test

[BBGuy]

This is mostly working on dev now so can be tested using the two new accounts that where created.
The remaining issues are to do with improved UI for visitor and improved security for Asset Author.

[BBGuy]

Pushed the fist stage to live and tested two issues came up

1. not related to the work but we are getting errors on calendar page - created "Warning: Illegal string offset" on Calendar page  #53
2. Weights of all assets can be adjusted by an Asset Author even if he is not he owner - this will be resolved by adding a rule condition to check if a Rule link is allowed for the asset.

[BBGuy]

Rules integration

Rules integration for checking if user can edit asset.
Develop

• Create a new code unit and a condition: "User can edit the asset" that takes a node and a user as arguments
  Create a function to implement the above with two cases:
• one for nodes that are an asset
• one for nodes that are an contribution
• update the two contribution rule links for Decrease/Inc contribution weight condition
• update all the asset actions
• Disable the asset actions view access restrictions and test.

Go Live

• Push to dev & test
• merge code, pull and cc all
• update the two contribution rule links for Decrease/Inc contribution weight condition
• update all the asset actions

[BBGuy]

I pushed the rules integration live after some testing on dev.
I added the "kendra" role to all the admin users as this is needed to edit assets

[BBGuy]

@dahacouk - I still have some work to so but would be good to get some input on this

[BBGuy]

Kendra admin permissions review

Kendra admin need to be able to add edit & delete Taxonomy terms. however the taxonomy overview page and the term add are both controlled by the same permission that gives all Taxonomy managment to the role.
We can use the Taxonomy access fix to fix this.

• evaluate Taxonomy access fix

[BBGuy]

This is now pushed to dev to setup taxonomy management for the kendra role"

• merge to master & pull
• drush en taxonomy_access_fix
  Add permissions to "Kendra" user
• Add/Edit/Delete terms in Right Type
• Add/Edit/Delete terms in Role Type
• add menu item Manage taxonomy admin/structure/taxonomy to Main menu

[dahacouk]

I'd like to talk about weights terminology/context. My feeling is that there is no absolute weight – it is relative. Weight is a relationship between 2 or more legal entities. Let's talk.

On 5 Jan 2015, at 13:24, Guy Schneerson [email protected] wrote:

Rules integration

Rules integration for checking if user can edit asset.
Develop

• Create a new code unit and a condition: "User can edit the asset" that takes a node and a user as arguments
  Create a function to implement the above with two cases
• one for nodes that are an asset
• one for nodes that are an contribution
• update the two contribution rule links for Decrease/Inc contribution weight condition
• update all the asset actions
• Disable the asset actions view access restrictions and test.

Go Live

• Push to dev & test
• merge code, pull and cc all
• update the two contribution rule links for Decrease/Inc contribution weight condition
• update all the asset actions
  -[ ] test.

---

Reply to this email directly or view it on GitHub:
#51 (comment)

[BBGuy]

@dahacouk - yes the weights are currently designed to work depending on the context however we also talked about them having virtual values that can be inherited from a CMO

[BBGuy]

Stage 1 implemented now any remaining minor issues moved to #61 (low propriety).