Function Documentation: |
Check that the user is either the original submitter of the
record, or belongs to the role(s) given as parameter. This enables
collaborative editing of records, so that collections can be
curated by a group of people in addition to the original
submitter.
If the user has permission, the function ends silently. If not, it
will raise an InvenioWebSubmitFunctionStop, informing the user that
they don't have rights and sending them back to the submission web
form.
This function makes it unnecessary to protect the submission with
WebAccess (i.e. 'submit' action): the function can check
authorizations by itself.
However, if the action in which this function is used is
still protected with WebAccess (e.g. an authorization exists for
the 'submit' action, in 'MBI'), ALL the possible submitters AND
the curator groups must be linked to the authorization in order
for WebSubmit to let users reach this function: this function then
ensures that only curators or submitters of the record will be
able to continue further.
A record owner must have her email in the record metadata.
A record curator must be in the role given as parameter to this
function.
WARNING: you must remember that category-based restrictions
require you to check that the selected category matches the
document to modify: one can select category 'foo' to modify
a document submitted in category 'bar', given that submissions
are independent of the record they create.
WARNING: for backward compatibility reasons, if no role is given
as parameter, the function simply checks against the WebAccess
'submit' action, with this submission's parameters. This means
that anybody connected to the authorization will be able to modify
ANY of the records this submission can handle.
@parameters:
- curator_role: a role or mapping of roles that determines whether
                the user is a curator or not. The parameter can
                simply be the name of a WebAccess role. E.g.:
                    curator_photo
                where 'curator_photo' is a WebAccess role
                matching curator users for this submission.
                The parameter can also map the submission
                categories to different roles, so that
                different curator groups can be defined. E.g.:
                    ARTICLE=curator_art|REPORT=curator_rep|*=curator_gen
                (syntax: '|' to split mappings, and '=' to map category->role)
                This specifies that role 'curator_art' is used
                when category 'Article' is selected (code for
                this category is 'ARTICLE'), 'curator_rep' when
                'Report' ('REPORT' code) is selected, and
                'curator_gen' in all other cases. '*' matches all
                categories.
                When defining a mapping category->role, and the
                category cannot be retrieved (e.g. with
                /submit/direct URLs that do not specify a
                category), only the '*' rule/role is matched.
                E.g.: foo=role1|*=role2 matches role2 only
                When no role is defined or matched, the curator
                role is checked against the WebAccess 'submit'
                action, for the current WebSubmit doctype, action
                and category.
- curator_flag: the name of a file in which '1' is written if the
                current submitter is a curator. Otherwise, an
                empty file is written.
                If no value is given, no file is written.
@return: Empty string.
@Exceptions raised: InvenioWebSubmitFunctionStop when user is denied
permission to work with the record. |
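
The category->role mapping syntax described for curator_role, as an added example (not Invenio's own code): it resolves the role for a category and lists the categories that would silently fall back to the broader WebAccess 'submit' check. The function names are hypothetical; exact, case-sensitive category codes and treating a bare role name as a '*' rule are assumptions.

```python
def parse_curator_role(curator_role):
    """Parse 'CAT=role|CAT2=role2|*=role3' (or a bare role name) into a dict."""
    mapping = {}
    for item in (curator_role or '').split('|'):
        item = item.strip()
        if not item:
            continue
        if '=' in item:
            category, role = [part.strip() for part in item.split('=', 1)]
        else:
            # Assumption: a bare role name applies to every category.
            category, role = '*', item
        if category and role:  # ignore malformed items such as '=role' or 'CAT='
            mapping[category] = role
    return mapping


def resolve_curator_role(curator_role, category=None):
    """Return the role to check for `category`, or None if no rule matches.

    A missing category (e.g. /submit/direct URLs) only matches the '*' rule.
    None means the caller falls back to the WebAccess 'submit' action check.
    """
    mapping = parse_curator_role(curator_role)
    if category and category in mapping:
        return mapping[category]
    return mapping.get('*')


def uncovered_categories(curator_role, categories):
    """List the categories for which no curator role would be matched."""
    return [c for c in categories if resolve_curator_role(curator_role, c) is None]


if __name__ == '__main__':
    # Constructed sample configuration, taken from the syntax shown above.
    spec = 'ARTICLE=curator_art|REPORT=curator_rep|*=curator_gen'
    for cat in ('ARTICLE', 'REPORT', 'THESIS', None):
        print(cat, '->', resolve_curator_role(spec, cat))
    # Without a '*' rule, unmatched categories fall back to the 'submit' check.
    print(uncovered_categories('ARTICLE=curator_art', ['ARTICLE', 'REPORT', None]))
```

Running uncovered_categories over a submission's category codes (plus None) before deploying a mapping shows which cases would be decided by the legacy 'submit' authorization rather than by a curator role.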