Cannot uncheck Allow everyone to read checkbox about annotator HOT 10 CLOSED

This will happen if the value for the "read" action when setting up the permissions plugin is an empty array, ie. publicly readable.

In this case the checkbox cannot be used because there are no permissions to apply to it if the box were to be unchecked. So we freeze it. The checkbox can be hidden in this case by setting the (currently undocumented) showViewPermissionsCheckbox option to false.

annotator.addPlugin('Permissions', {
  user: 'Alice',
  permissions: {
    'read':   [], // Annotations are always public.
    'update': ['Alice'],
    'delete': ['Alice'],
    'admin':  ['Alice']
  },
  showViewPermissionsCheckbox: false // Hide view checkbox.
});

I will document this and showEditPermissionsCheckbox right now

from annotator.

Documented under the options heading. http://github.com/okfn/annotator/wiki/Permissions-Plugin

from annotator.

Not sure this is really the right way it should work. We want to allow people to restrict access if they want. Why couldn't unchecking simply result in current user id being put in the read list?

Generally this suggests we should rework the authorization system to explicitly denote 'everyone'.

from annotator.

Take the current example:

{
'read':   [], // Annotations are always public.
'update': ['Alice'],
'delete': ['Alice'],
'admin':  ['Alice']
}

It should be possible to uncheck this checkbox if an admin (Alice) is viewing the annotation. Otherwise the checkbox should be permanently disabled (or not even displayed to the user?).

Once unchecked the current user's id should be inserted into the 'read' array. (Question: should all annotation admins be inserted into the 'read' array? Probably).

We have decided to postpone this ticket for now as there remains a larger discussion to be resolved regarding the implementation of permissions.

from annotator.

Okay, let's reopen this conversation. When I originally designed the permissions plugin, the meaning of [] and null or undefined was different. Specifically, {delete: null} or {} meant "anyone can delete", while {delete: []} meant "no-one can delete". Do we currently have a way of specifying the latter?

I agree with Aron that if the viewing user doesn't have 'admin' authorisation for the current annotation (which for AnnotateIt they do have by default for annotations they created) then we shouldn't display any Permissions UI.

from annotator.

So, note to self: this needs fixing, as users using AnnotateIt should be able to prevent their annotations showing up in public-readable searches, if they so desire.

from annotator.

users using AnnotateIt should be able to prevent their annotations showing up in public-readable searches

Is this not possible now by adding their id into the read array?

Specifically, {delete: null} or {} meant "anyone can delete", while {delete: []} meant "no-one can delete". Do we currently have a way of specifying the latter

No, I don't think their is anyway that you can specify the latter without putting the creators (or someones) id into the array. Although that said, this might be possible by putting null into the array eg. {delete: [null]}.

from annotator.

Is this not possible now by adding their id into the read array?

Yes, it is, but the UI doesn't actually allow you to uncheck the box that would do that!

As for the second issue, I think it's probably less of a concern now. It doesn't make that much sense to allow people to prevent themselves from deleting an annotation.

from annotator.

Closed by 7cae58b

from annotator.

Yes, it is, but the UI doesn't actually allow you to uncheck the box that would do that!

I believe it allowed you to uncheck it if you put the id in the @options.permissions when the plugin was loaded. That's why it was storing the id in the data attribute. Your update is simpler for now anyway.

from annotator.