Project validation process
Introduction
The purpose of this document is to describe the validation workflow and the access control that allow Project Managers to deliver their data.
Here are the elements to be controlled:
- Project
- Main Data (Data + Metadata)
- Other Data
The two main access features which need to be controlled can be described as follows:
1. PDB Manager must have access only to their elements
2. Dataset Data and Metadata change, delete or view operations must be controlled depending on the Dataset state and the user role
Workflow
This figure illustrates an overview of the workflow (it does not show the complete transition system).
States
- Project: Open, Approved by PR, Approved by PA (ESPON EGTC)
- Main Data (Dataset): Open, Submitted, SG Checked, SD Checked, QC Checked
- Other Data: Submitted, Modification Required, Accepted
Triggering
Some transitions trigger events as follows:
- QC-Success/PR:
  - Insert Data (standard indicator data insertion)
  - Build Indicator Package
- Approve/PR:
  - Build Project Archive
- Approve/PA:
  - Publish
- Back/PA:
  - Un-publish
Access Control
A set of permissions is defined to control access to the data upload elements delivered by the ESPON projects.
Elements to be controlled
Here is the structure of elements where permissions apply:
1. Projects
  1.1. Dataset Elements
    1.1.1. Datasets Metadata elements (indicators, etc.)
    1.1.2. Datasets Data elements
Permissions
A permission string is built as follows:
<action>[_as_manager]_project: defines access level 1
<action>[_as_manager]_dataset[_<state>]_<element type>: defines access level 1.1 and below
Where tokens can be replaced as follows:
<action>: view, add, edit, delete
<state>: dataset states + any
<element type>: elements, metadata, data, where elements means either metadata or data
Notes:
To add a dataset we use the ‘can add dataset’ permission.
When a permission doesn’t specify the ‘as_manager’ option, the access applies to any dataset.
(When a permission string doesn’t specify an element type, the permission applies only to the dataset, without including its nested elements. Not implemented.)
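An added example, not part of the original document or the project's code: a deny-by-default parser and access check for the permission grammar above. The hyphenated state tokens, the reading of an omitted state as any, and the function names are assumptions.

```python
import re

# Assumed state tokens: the page lists the states but not their spelling inside
# a permission string (only 'open' and 'sg-checked' appear in its examples).
STATES = ("open", "submitted", "sg-checked", "sd-checked", "qc-checked", "any")

PERMISSION_RE = re.compile(
    r"(?P<action>view|add|edit|delete)"
    r"(?P<as_manager>_as_manager)?"
    r"_(?:project|dataset(?:_(?P<state>%s))?_(?P<etype>elements|metadata|data))"
    % "|".join(map(re.escape, STATES))
)


def parse_permission(perm):
    """Return the parsed tokens of a permission string, or None if malformed."""
    m = PERMISSION_RE.fullmatch(perm)  # fullmatch: no trailing junk or newline
    if m is None:
        return None
    return {
        "action": m["action"],
        "as_manager": m["as_manager"] is not None,
        "target": "dataset" if m["etype"] else "project",
        "state": m["state"] or "any",  # assumption: omitted state means any
        "etype": m["etype"],
    }


def is_allowed(perms, action, etype, state, manages_project):
    """Deny by default; allow only if one granted permission covers the request.

    etype is 'metadata' or 'data'; state is the dataset's current state token;
    manages_project says whether the user manages the dataset's project.
    """
    for parsed in filter(None, map(parse_permission, perms)):
        if parsed["target"] != "dataset" or parsed["action"] != action:
            continue
        if parsed["as_manager"] and not manages_project:
            continue  # manager-scoped grant, but not the user's own project
        if parsed["state"] not in ("any", state):
            continue
        if parsed["etype"] in ("elements", etype):
            return True
    return False
```

Strings that do not match the grammar are ignored rather than partially honoured, so a mistyped grant never widens access.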
Example of permissions
view_any_project: allows viewing all projects
view_any_project_elements: allows viewing all projects and all of their nested elements
edit_as_manager_dataset_open_metadata: allows a manager to edit open dataset metadata
Etc.
Dataset elements permissions
Status \ Roles | Project Manager | Project Reviewer | Project Approver |
Dataset Open | Elements: edit as manager, delete as manager | Elements | View all |
Dataset Submitted | Elements | Elements: edit, delete | View all |
Dataset SG checked | Metadata: view as manager; Data: view as manager, edit as manager, delete as manager | Elements: edit, delete | View all |
Dataset Data uploaded | Elements | Metadata: view; Data: view, edit, delete | View all |
Dataset SD checked | Elements | Elements | View all |
Dataset QC checked | Elements | Elements | View all |
Notification
Users are notified by a message (in their profile messages and/or by email) if they are assigned a change permission for a given dataset state.
For example, users who have the ‘Can change as manager sg-checked dataset element’ permission will be notified when a dataset workflow state switches to ‘sg-checked’.