Neither PUBLIC nor self-editors get to edit any properties by virtue of their role.

2012-03-29 16:36:09 +00:00 · 2012-03-29 16:36:09 +00:00 · 71ed58cc2e
commit 71ed58cc2e
parent 6ed41b7745
2 changed files with 13 additions and 5 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/PermissionRegistry.java
@ -145,6 +145,11 @@ public class PermissionRegistry {
 			}
 		}

+		/**
+		 * There is no DisplayByRolePermission for self-editors. They get the
+		 * same rights as PUBLIC. Other permissions give them their self-editing
+		 * privileges.
+		 */
 		private Collection<Permission> createDisplayByRolePermissions(
 				ServletContext ctx) {
 			List<Permission> list = new ArrayList<Permission>();
@ -159,13 +164,20 @@ public class PermissionRegistry {
 			return list;
 		}

+		/**
+		 * There is no EditByRolePermission for PUBLIC or for self-editors. A
+		 * property may be given an edit-level of "PUBLIC", but that may also
+		 * simply be the default assigned to it when editing, and we don't want
+		 * to recognize that.
+		 * 
+		 * Other permissions give self-editors their editing privileges.
+		 */
 		private Collection<Permission> createEditByRolePermissions(
 				ServletContext ctx) {
 			List<Permission> list = new ArrayList<Permission>();
 			list.add(new EditByRolePermission("Admin", RoleLevel.DB_ADMIN, ctx));
 			list.add(new EditByRolePermission("Curator", RoleLevel.CURATOR, ctx));
 			list.add(new EditByRolePermission("Editor", RoleLevel.EDITOR, ctx));
-			list.add(new EditByRolePermission("Public", RoleLevel.PUBLIC, ctx));
 			return list;
 		}

--- a/webapp/web/WEB-INF/resources/permission_config.n3
+++ b/webapp/web/WEB-INF/resources/permission_config.n3
@ -137,7 +137,6 @@ auth:SELF_EDITOR
    #     For role-based display and editing, SelfEditor is like Public. 
    #     SelfEditor uses its special permissions to edit/display its own values.
    auth:hasPermission displayByRole:Public ; 
-    auth:hasPermission editByRole:Public ; 
    .

 auth:PUBLIC
@ -150,7 +149,4 @@ auth:PUBLIC

    # role-based permissions for PUBLIC
    auth:hasPermission displayByRole:Public ;
-    
-    # why are some properties declared editable by PUBLIC, but we don't want them to be.
-    # auth:hasPermission editByRole:Public ;
    .