Dear gang,
I am actually cleaning the code that is already partially running on
CDS, to actually forbid access to records to everybody but superadmin
and authors (as specified in MARC), before the record is actually
assigned to at least one collection by webcoll.
This code is necessary as for example in CDS, where we are running
webcoll every one hour, there would be otherwise a window of 1 hour
where a private record just submitted, would be available to the world
if the URL was known.
Now this open a partially related interesting question. Attached
documents can be as well separately protected.
The question is, shall we impose that authors are always authorized to
access any file attached to a record?
I can imagine a case when this is not wanted: e.g. if a record is going
to several step of a given workflow that implies some actors to attach
other files, which are not meant to be seen by the original authors
(e.g. approval workflow, one day, where the referee attach as a file,
his comments, to be visible to other referees, but not the author
himself - ok this would really be nasty WRT to the author as he would
see the existence of such file without being able to open it!).
So what do you thing? Is the above use case realistic? Or shall we
always let authors/submitter to access any document attached to a
record?
Cheers,
Sam
--
Samuele Kaplun
Invenio Developer ** <http://invenio-software.org/>
