Pssssst! Your deleted objects are showing!

[Rosemary Le Faive]

We’re looking for community input on a discussion that's been happening on Github and on the Committers call. For more details, see Github (and Jira).

Widespread(?) Misconception

So there's always been a way in Islandora to set an object as either "Active" (default), "Inactive", or "Deleted". It's under Manage > Properties, same place you can purge (i.e. permanently remove from the repository) an object.

[Image showing the management interface for an Islandora object, at the Manage tab > Properties tab, showing that ‘State’ can be set to ‘Active’, ‘Inactive’, or ‘Deleted’]

 

If I were to see this screen, I would think that it's a way to "soft delete" an object and make it available only to a select few. In fact, until recently, the documentation also supported this interpretation.

 

However, this is false*.

 

In Islandora, anyone with the permission to “view repository objects” (and if your repository is public, then this means *everyone*) is able to see inactive or deleted objects.

 

All that “inactive” does is take away the navigational links to the object. It will not show up in a collection listing, and it will be removed from Solr. But if you have the link directly to it, or if it’s indexed in Google, or if you navigate to it from XML Sitemaps, then can be accessed just as if it were active.

 

*There is a caveat: if you have an XACML permission file in $FEDORA_HOME/data/fedora-xacml-policies/repository-policies, such as deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml, you may not be able to access your inactive objects unless you have the Drupal role ‘administrator’. If you install Fedora from scratch, you may still have this in place, as it ships with Fedora by default. However, in the sandbox, the vagrant, and the Islandora VM, this restriction is not present.

 

Community question 1: Is this how you thought it worked? And does this affect your current practice?

 

The only Islandora module that takes advantage of states is Islandora Simple Workflow. It lets users create inactive objects, which are then lost in the ether (security by obscurity) until someone with permission to “Manage object properties” marks them as active. A user who also has the permission “Manage inactive objects” (a permission provided by Islandora Simple Workflow) can see a list of inactive objects to approve.

 

Apparently, the fact that an object’s status does not affect its ability to be viewed was a design choice that was made in the early days of Islandora. I don’t know if the community wants this to always be the case.

 

Community question 2: Would you like to change this?

The pull request

What I propose is to add a new permission, “Access inactive or deleted objects”, and code that prevents anyone without this permission from seeing such an object. You could then configure it separately from those who could "View repository objects" (though anyone would need both for it to do any good).

 

For existing sites, at the same time as adding this permission, it would get granted it to the same groups who can currently see repository objects. That is, this would not change the functionality of any existing sites. But a repository manager who wanted to deliberately limit who could interact with these objects could do so.

 

Once we solve the fact that you would then be inadvertently able to lock yourself out of an object (it needs a warning), we’re hoping to make this option available.

We'd like to know what y'all think. Is the existing behaviour misleading? Is this all old news? Do you want this permission available? Do you even make use of the Inactive or Deleted states?

Thank you for reading all this, and an extra thank you in advance for your thoughts.

[Jennifer Eustis]

This was definitely confusing when I first learned that anyone could still view inactive and deleted. I also found very little information on the difference between active, inactive, and deleted. In my mind, active means the object is fully integrated in the index and is displayed and viewable. Inactive means that that object is "hidden" or to use an analogy from IR, still under review. At first I understood deleted as purged but I don't think it means this. If deleted is selected, the object is in the queue to be purged. Is that right?

Many in our community are under the impression that inactive means users can't view it. Many here would be for changing this so that inactive is not viewable and appears in the simple workflow.

Jennifer

[dric...@utk.edu]

We've had to create new workflows around this. I believe it's slightly misleading. If "Deleted" was changed to "hidden from collection and removed from Solr" it would be more accurate to the actual functionality. I believe the default functionality for "deleted" should be non-viewable by anyone other than collection managers and owner with maybe a "tombstone" showing something use to be here. I would like it to be addressed but after last week's committer's call I think it was said that making this could impact a number of DG's users. Is that correct? If so, some caution should be exercises. But even with that I still think it should be addressed. 

1. Yes, this would impact our current setup

2. Yes, I believe this could add value and should be added. 

3. Permissions should be changeable from admin UI if possible

4. Yes, we do make use in our IR. In fact we're developing a solution around deleted status as a tombstone state (possibly) 

[Joanna DiPasquale]

I have to plead ignorance for part of my response because, while I knew that this was essentially how object states worked, we don't use them very much.  Occasionally we make use of deleted states in that we've given permission for our lab students to mark objects deleted (i.e., obscure them!), but only my lab manager and I can purge them from the repository.  We work closely enough that purges usually take place fairly soon after objects have been deleted, but as we scale up or roll out Islandora on campus, that may not be the case.

Even if we did not need the features proposed, I would support the pull request for exactly the reason you suggest, Rosie:  "...a repository manager who wanted to deliberately limit who could interact with these objects could do so." That seems reasonable and a desired outcome for such a robust repository.

Thank you for raising this!

Joanna DiPasquale
jjdipa...@gmail.com

--
For more information about using this group, please read our Listserv Guidelines: http://islandora.ca/content/welcome-islandora-listserv
---
You received this message because you are subscribed to the Google Groups "islandora" group.
To unsubscribe from this group and stop receiving emails from it, send an email to islandora+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/islandora.
To view this discussion on the web visit https://groups.google.com/d/msgid/islandora/0f2c436e-a6a6-4d97-86c2-99ced9947306%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Jeff Rubin]

We use Inactive status in order to work on collections/objects before we publish them. As with the others who have replied, there is a learning curve to understanding the status feature as it is somewhat counter intuitive.

There is also another wonky issue with Inactive status. If you have a sub-collection within an Inactive collection, that collection appears as a separate collection in Simple Workflow and actually shows up in Solr.

We are in favor of Rosie's pull request suggestion.

[Rosemary Le Faive]

These are great responses. Thank you all! 

Jeff, there's another way that states work that is totally not obvious. The state of an object does not get passed to its children. If you set a collection as "inactive" or "deleted", current active objects remain active, and if you add objects to an inactive/deleted collection they will be active (that's by default, though in your case Simple Workflow is causing them to be inactive).  You are not the first person in this discussion to be surprised by this! 

One more thing that we've done lately (post-7.x-1.9) is to make inactive objects display a warning that "this object is not active". Hopefully this will help to make this feature more transparent. 

[Alex Kent]

I am curious, has there been a further update to this issue?  

https://jira.duraspace.org/browse/ISLANDORA-1985