diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
index 44461249a..775ace11b 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
@@ -145,6 +145,11 @@ public class PermissionRegistry {
 }
 }
+ /**
+ * There is no DisplayByRolePermission for self-editors. They get the
+ * same rights as PUBLIC. Other permissions give them their self-editing
+ * privileges.
+ */
 private Collection createDisplayByRolePermissions( ServletContext ctx) {
 List list = new ArrayList();
@@ -159,13 +164,20 @@ public class PermissionRegistry {
 return list;
 }
+ /**
+ * There is no EditByRolePermission for PUBLIC or for self-editors. A
+ * property may be given an edit-level of "PUBLIC", but that may also
+ * simply be the default assigned to it when editing, and we don't want
+ * to recognize that.
+ *
+ * Other permissions give self-editors their editing privileges.
+ */
 private Collection createEditByRolePermissions( ServletContext ctx) {
 List list = new ArrayList();
 list.add(new EditByRolePermission("Admin", RoleLevel.DB_ADMIN, ctx));
 list.add(new EditByRolePermission("Curator", RoleLevel.CURATOR, ctx));
 list.add(new EditByRolePermission("Editor", RoleLevel.EDITOR, ctx));
- list.add(new EditByRolePermission("Public", RoleLevel.PUBLIC, ctx));
 return list;
 }
diff --git a/webapp/web/WEB-INF/resources/permission_config.n3 b/webapp/web/WEB-INF/resources/permission_config.n3
index f9378222e..13bf22021 100644
--- a/webapp/web/WEB-INF/resources/permission_config.n3
+++ b/webapp/web/WEB-INF/resources/permission_config.n3
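Review bot: Removing the `RoleLevel.PUBLIC` entry in createEditByRolePermissions (second hunk) only withdraws the grant from permission sets built from this list; nothing visible here shows how the registry treats a stored reference to `editByRole:Public` once that permission is no longer registered. permission_config.n3 is cleaned up in the same commit, but if that configuration was already loaded into a persistent model on an existing install, the old statement may outlive the upgrade, so it is worth confirming that a lookup of an unregistered permission URI denies rather than throws or falls back. A regression test that a PUBLIC or self-editor identity is refused an edit on a property whose edit level is PUBLIC would pin the intended behaviour. I would also mark the removal site inside the method, since the list now differs on purpose from createDisplayByRolePermissions: `// No PUBLIC entry on purpose: a "PUBLIC" edit level may just be the unset default.`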
@@ -137,7 +137,6 @@ auth:SELF_EDITOR
 # For role-based display and editing, SelfEditor is like Public.
 # SelfEditor uses its special permissions to edit/display its own values.
 auth:hasPermission displayByRole:Public ;
- auth:hasPermission editByRole:Public ;
 .
 auth:PUBLIC
@@ -150,7 +149,4 @@ auth:PUBLIC
 # role-based permissions for PUBLIC
 auth:hasPermission displayByRole:Public ;
-
- # why are some properties declared editable by PUBLIC, but we don't want them to be.
- # auth:hasPermission editByRole:Public ;
 .