We’re looking for community input on a discussion that's been happening on Github and on the Committers call. For more details, see Github (and Jira).
Widespread(?) Misconception
So there's always been a way in Islandora to set an object as either "Active" (default), "Inactive", or "Deleted". It's under Manage > Properties, same place you can purge (i.e. permanently remove from the repository) an object.
[Image showing the management interface for an Islandora object, at the Manage tab > Properties tab, showing that ‘State’ can be set to ‘Active’, ‘Inactive’, or ‘Deleted’]
If I were to see this screen, I would think that it's a way to "soft delete" an object and make it available only to a select few. In fact, until recently, the documentation also supported this interpretation.
However, this is false*.
In Islandora, anyone with the permission to “view repository objects” (and if your repository is public, then this means *everyone*) is able to see inactive or deleted objects.
All that “inactive” does is take away the navigational links to the object. It will not show up in a collection listing, and it will be removed from Solr. But if you have the link directly to it, or if it’s indexed in Google, or if you navigate to it from XML Sitemaps, then can be accessed just as if it were active.
*There is a caveat: if you have an XACML permission file in $FEDORA_HOME/data/fedora-xacml-policies/repository-policies, such as deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml, you may not be able to access your inactive objects unless you have the Drupal role ‘administrator’. If you install Fedora from scratch, you may still have this in place, as it ships with Fedora by default. However, in the sandbox, the vagrant, and the Islandora VM, this restriction is not present.
Community question 1: Is this how you thought it worked? And does this affect your current practice?
The only Islandora module that takes advantage of states is Islandora Simple Workflow. It lets users create inactive objects, which are then lost in the ether (security by obscurity) until someone with permission to “Manage object properties” marks them as active. A user who also has the permission “Manage inactive objects” (a permission provided by Islandora Simple Workflow) can see a list of inactive objects to approve.
Apparently, the fact that an object’s status does not affect its ability to be viewed was a design choice that was made in the early days of Islandora. I don’t know if the community wants this to always be the case.
Community question 2: Would you like to change this?
The pull request
What I propose is to add a new permission, “Access inactive or deleted objects”, and code that prevents anyone without this permission from seeing such an object. You could then configure it separately from those who could "View repository objects" (though anyone would need both for it to do any good).
For existing sites, at the same time as adding this permission, it would get granted it to the same groups who can currently see repository objects. That is, this would not change the functionality of any existing sites. But a repository manager who wanted to deliberately limit who could interact with these objects could do so.
Once we solve the fact that you would then be inadvertently able to lock yourself out of an object (it needs a warning), we’re hoping to make this option available.
We'd like to know what y'all think. Is the existing behaviour misleading? Is this all old news? Do you want this permission available? Do you even make use of the Inactive or Deleted states?
Thank you for reading all this, and an extra thank you in advance for your thoughts.
--
For more information about using this group, please read our Listserv Guidelines: http://islandora.ca/content/welcome-islandora-listserv
---
You received this message because you are subscribed to the Google Groups "islandora" group.
To unsubscribe from this group and stop receiving emails from it, send an email to islandora+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/islandora.
To view this discussion on the web visit https://groups.google.com/d/msgid/islandora/0f2c436e-a6a6-4d97-86c2-99ced9947306%40googlegroups.com.