[VIVO-1436] Implementation of Advanced Role Management
Created by: grahamtriggs
What does this pull request do?
This pull request provides the framework for permissions to view, edit and publish properties to be assigned discretely to roles, rather than as a hierarchy of super-user > user > public.
What's new?
It replaces the Policy code for granting access to properties such that the roles can be given access to or denied access for properties independent of there being a "hierarchy" of roles.
It includes a migration startup listener that will take any old policies defined on existing properties, and convert them to the equivalent role permissions.
The editing of properties has been updated to provide checkboxes for assigning properties to roles, rather than a drop-down of a role hierarchy.
Property permissions are now stored in the User Accounts model, along with the other role and permission settings.
How should this be tested?
After upgrading, an existing installation should still have the same permissions as before (i.e. the same people should have the same access to view / edit content).
The edit pages for the properties should show checkboxes for the permissions granted, and any changes to the permissions should be honoured.
Creating new properties should default to a "sensible" set of checkboxes being already selected (e.g. all view permissions and editors can update).
Additional Notes:
Documentation will need to be updated for the new permissions. This should not be merged without also merging the equivalent VIVO pull request.
Interested parties
@VIVO-project/vivo-committers