Revise user permissions rule for assigning book and book component editors and authors
Context
This issue describes the required changes to user permissions on books and book components to resolve book manager performance issues. The BCMS currently has permissions rules that say:
- when a user creates a book, make that user the editor of the book
- when a user creates a chapter (by uploading a file) make that user the author of the chapter. (this is done on the backend only at this stage)
However, as NCBI has reported (see epic &106 and 457#note_108306):
Stacy's account is editor to migrated books and chapters. Having a reference list of all books and chapters that she's an editor for, and checking books against these lists causes severe performance degradation and consistent browser crashes for Stacy's account. Instead, permissions should probably be part of the getBook call lists should be removed.
Proposal
An editor or author role should not be required. Therefore, revise the permissions rules:
- When a user creates a book, make that user the editor of the book unless the user is a System Admin of the BCMS or an Org Admin of the Organisation
- When a user creates a chapter (by uploading a file) make that user the author of the chapter unless the user is a System Admin of the BCMS; or Org Admin of the Organisation; or an Editor of the Organisation
On the frontend the change is: A system admin or Org Admin will not be listed on the "Team" tab in the "Editor" section for a book or chapter and an Editor of an Org will not be listed on the "Team" tab in the "Editor" section for a chapter.
Note: the user who creates the book or chapter component is recorded as the owner. In future we can expose this information for activity tracking in the UI, e.g. "Stacy created 'book title' on 'date'."
Acceptance criteria
- A system admin or Org Admin will not be listed on the "team" tab in the "Editor" section in the Team modal of a book. (see screenshot example below)
- A system admin, Org Admin, and Editor will still have the relevant permissions as per BCMS permissions rules
Note: the performance from the user's perspective will be tested after all linked items are complete
Definition of ready
- BCMS User Story / Context has been well defined
- The priority of the user story is specified and agreed
- Digital assets added (design, database scheme, mockups etc if relevant)
- Coko Technical Proposal approved by NCBI
- Testable Acceptance Criteria approved by NCBI
- Estimate of effort to complete (time or points)
- The issue has been broken down into development tasks (if necessary)
- Requirements Clarified
- The product owner and development team agree that the user story is ready for development
- NCBI adds “Dev_Ready”
Definition of done
- All coding tasks are finished and implemented
- QA approved
- Deployed and tested on “ncbidev” (by Coko team)
- Deployed and tested on “ncbi” (by NCBI team)
- Acceptance Criteria Met
Implementation
- Update the permissions rules above
- Any time a user is assigned Org Admin or Sys Admin role, revoke their role-specific privileges on collections, books, and chapters.
- Write a migration script for all current data to remove Sys Admin and Org Admin users as "editors" of books and chapters that they created
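The revised creation rules and the migration step, sketched as an added example that is not BCMS code. The in-memory data model, the role strings and every function name here are assumptions made for illustration; the real schema is not shown in this issue.

```javascript
// Added example, hypothetical model (not BCMS code). Row: { userId, role, objectType, objectId }.
const isSysAdmin = (rows, u) => rows.some(r => r.userId === u && r.role === 'sysAdmin')
const hasOrgRole = (rows, userId, orgId, role) =>
  rows.some(r => r.userId === userId && r.role === role &&
    r.objectType === 'organisation' && r.objectId === orgId)
const isAdminOf = (rows, userId, orgId) =>
  isSysAdmin(rows, userId) || hasOrgRole(rows, userId, orgId, 'orgAdmin')

// Role to grant on a new object, or null when an org-wide role already covers it.
function roleOnCreate(rows, userId, orgId, objectType) {
  const admin = isAdminOf(rows, userId, orgId)
  if (objectType === 'book') return admin ? null : 'editor'
  if (objectType === 'chapter')
    return admin || hasOrgRole(rows, userId, orgId, 'editor') ? null : 'author'
  throw new Error(`unsupported object type: ${objectType}`)
}

// The creator is always recorded as owner; a membership row is added only if needed.
function createObject(state, userId, orgId, objectType, objectId) {
  state.objects.push({ objectId, objectType, orgId, ownerId: userId })
  const role = roleOnCreate(state.memberships, userId, orgId, objectType)
  if (role) state.memberships.push({ userId, role, objectType, objectId })
  return role
}

// Migration: drop "editor" rows admins hold on books/chapters they created; returns count.
function migrate(state) {
  const rows = state.memberships
  state.memberships = rows.filter(r => {
    const obj = state.objects.find(o =>
      o.objectId === r.objectId && o.objectType === r.objectType)
    const redundant = obj && r.role === 'editor' &&
      obj.ownerId === r.userId && isAdminOf(rows, r.userId, obj.orgId)
    return !redundant
  })
  return rows.length - state.memberships.length
}

// Constructed sample data: an org admin with a legacy editor row, plus an org editor.
function sampleState() {
  return {
    objects: [{ objectId: 'b1', objectType: 'book', orgId: 'org1', ownerId: 'u-admin' }],
    memberships: [
      { userId: 'u-admin', role: 'orgAdmin', objectType: 'organisation', objectId: 'org1' },
      { userId: 'u-admin', role: 'editor', objectType: 'book', objectId: 'b1' },
      { userId: 'u-editor', role: 'editor', objectType: 'organisation', objectId: 'org1' },
    ],
  }
}
```

The admin check is scoped to the organisation that owns the object, so an Org Admin of one organisation still receives an explicit editor row when creating a book in another.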
Alternative approaches (if applicable)
Scheduling
- Milestone is linked
- Iteration is linked
- Dependencies: none
- Development estimate is added to issue time tracking