An organization’s administrators can add individual users to it, with different roles depending on the level of authorization needed. A user in an organization can create a dataset owned by that organization. In the default setup, this dataset is initially private, and visible only to other users in the same organization. When it is ready for publication, it can be published at the press of a button. This may require a higher authorization level within the organization.
Any ideas on how this could be done?
One workaround I can think of is to modify the file(s) that present the Edit UI/form to Editor users to remove the Private/Public (Visibility) switch.
Found 3 places so far
```
$ # based on inspecting the Visibility switch html code on the dataset/package editing form in the ckan UI...
$ grep -rnw /usr/ckan/default/src/ckan -e 'field-private'
/usr/ckan/default/src/ckan/ckan/public/base/javascript/modules/dataset-visibility.js: ...
/usr/ckan/default/src/ckan/ckan/public/base/javascript/modules/dataset-visibility.min.js: ...
/usr/ckan/default/src/ckan/ckan/templates/package/snippets/package_basic_fields.html: ...
```
but not sure how exactly they should be changed atm.
```
{% set show_visibility_selector = user_is_sysadmin %}
```
but 1) new datasets still default to Public (whereas I'd want them to start as Private) and 2) this does not solve the problem of Editor users changing the the Visibility status via API. Not sure how to address these issues atm (could not quite understand the working/interaction of .js files that grep listed).
Any ideas on how this could be done? Is there a way to diable API tokens for non-Sysadmins or somewhere where I can just remove Member and Editor users from interacting with the Visibility setting totally?