Cabinet - Create / Delete Permission

Post by Steve »

Hi all,
Is it possible to give Cabinet create/delete permissions on a per-cabinet basis?
I find the "Create cabinet" permission on the role permissions (thus this permission works on ALL cabinets), and "Delete cabinets" permission at cabinet level (more granular, that's ok for my needs).
I would like to give a user the allowance to create/delete subcabinets only for certain cabinets, any chance?


Thanks in advance

Steve

Re: Cabinet - Create / Delete Permission

Post by rssfed23 »

Hi Steve.

We talked a bit about the permissions approach to cabinets over at viewtopic.php?f=8&t=1523
But that question was mainly for permissions on sub-cabinets not the overall cabinet itself.

You can already set ACLs per cabinet, but only for the top-level cabinet.
In the all cabinets view you click ACLs next to the top level cabinet you're interested in and this will allow you to set the create or delete permission for all sub-cabinets within that top level cabinet.

We only allow this on the top level cabinet (rather than sub cabinets) for the reasons described in that post and associated gitlab link.
Please don't PM for general support; start a new thread with your issue instead.

Re: Cabinet - Create / Delete Permission

Post by Steve »

Hi Rob,
First of all, many thanks for your answer, but I cannot find the Create cabinets permission on the top level cabinets ACL; only Delete Cabinets, Add documents to cabinets, Edit cabinets, Remove documents from cabinets and View cabinets.
Absolutely the Create Cabinets permission is not there... Sounds strange, I know, but I am sure about it (checked many times).

Steve

Re: Cabinet - Create / Delete Permission

Post by rssfed23 »

You're absolutely right Steve - apologies for the confusion. I was on the global ACL view for cabinets at the time.

I know why this is happening: Mayan doesn't have a separate object type for sub cabinets/levels. When clicking the new level button you're not actually creating a new "level" but creating a whole new cabinet that just has a reference in the database to its parent cabinet. Mayan then dynamically displays this as a cabinet tree to users/through the API but in reality it's a separate cabinet entirely. So there's no way for us to give an ACL for "create new level" as there's no such thing as a new level. All cabinets are equal aside from their parent ID and so the ACL needed here already exists as the create cabinet in the global ACL list and can't be tuned to apply only to a specific child cabinet without rearchitecting cabinets, which won't happen as they're largely deprecated in favour of indexes.

You're welcome to log a feature request at https://gitlab.com/mayan-edms/mayan-edms, but just so your expectations are managed it's doubtful something like this would be added. Aside from the technical complexities and limitations mentioned above, as a project we're trying to move away from the Cabinet model of organising documents and focus our efforts on indexing instead. Using cabinets doesn't really scale well and as such the feature is largely in maintenance mode.

If your Mayan EDMS deployment is for a company/organisation and cabinets/this specific permission item is important to you then it would be worth looking into a Mayan EDMS Support Plan. Specifically a consulting agreement. Among many other benefits feature sponsorship is something that can be discussed and implementing a permissions model that suits your use case (including more detailed permissions on sub levels) can be part of that discussion. Sales@mayan-edms.com is the email address to reach out to for more info.

It was actually due to an enterprise customer that cabinets exist in the first place - they sponsored the feature as part of a consulting agreement.
As such, a consulting agreement is likely the only way a change such as this will make it into the project due to cabinets being largely in maintenance mode. If you're able to use indexes instead for your use case then that'll solve you a lot of problems further down the line in terms of scaling up, and of course we're always happy to consult on indexing setup/organisation as well as part of the above mentioned consultancy.
Re: Cabinet - Create / Delete Permission

Post by Steve »

First of all, many thanks for the detailed explanation.
But may I ask why Delete cabinets permission is on cabinet ACL (it works for specific cabinets + related sub cabinets), and Create cabinets permission is in the global role ACL?
Shouldn't create / delete cabinets be in the same ACL?

At the moment I have a user that can create cabinets where he wants, but delete or modify only specific cabinets.

Thanks

Re: Cabinet - Create / Delete Permission

Post by rssfed23 »

No problem.

I can understand why that sounds a bit paradoxical to have delete but not create at the cabinet level. To the best of my knowledge, delete cabinets is there as a global ACL as well as a cabinet ACL because deleting a cabinet is the same function at both the top level as well as sub levels. I'll try and explain as an analogy:
Having a delete cabinets ACL apply to child cabinets is okay because it can be cascaded down from a parent and a child can effectively delete itself.
As mentioned before, adding an ACL for creating a cabinet to an existing cabinet isn't possible because sub cabinets are cabinets themselves with a piece of extra metadata on it. So to add an ACL for it, it would effectively be like running "create yourself" (with the current codebase) which isn't possible.
I may not be explaining myself very well though.

But to be clear, I'm explaining why it's not there at present. It is of course possible to implement such functionality, but as mentioned earlier we're avoiding developing cabinets much further. A serious bug in cabinets of course will get investigated, but this is more of a feature request than bug :)

It's also more important to be able to control deletions than creations given cabinet removal is a destructive action (not disruptive to the documents of course just the hierarchy) which contrasts to creation which is relatively harmless, so I'm not surprised that delete is something that can be more widely locked down to specific cabinet types.
Please don't PM for general support; start a new thread with your issue instead.
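
The asymmetry discussed in this thread (create granted globally per role, delete granted per top-level cabinet and cascading to its children), as an added example that is not part of the original posts and is not Mayan EDMS code. Every name here (`Cabinet`, `ROLE_PERMISSIONS`, `OBJECT_ACLS`, the permission strings, the `clerk` role) is hypothetical, and the cabinet tree is constructed sample data.

```python
# Simplified model of the behaviour described in this thread; not Mayan EDMS code.
# All names and permission strings are hypothetical; the tree is constructed data.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cabinet:
    id: int
    label: str
    parent_id: Optional[int] = None  # a "sub-level" is just a cabinet with a parent


CABINETS = {c.id: c for c in [
    Cabinet(1, "Finance"), Cabinet(2, "Invoices", 1), Cabinet(3, "2020", 2),
    Cabinet(4, "HR"), Cabinet(5, "Contracts", 4),
]}
ROLE_PERMISSIONS = {"clerk": {"cabinet_create"}}   # global: applies to every cabinet
OBJECT_ACLS = {(1, "clerk"): {"cabinet_delete"}}   # set on a top-level cabinet only


def root_of(cabinet_id):
    """Walk parent references up to the top-level cabinet."""
    cab = CABINETS[cabinet_id]
    while cab.parent_id is not None:
        cab = CABINETS[cab.parent_id]
    return cab.id


def can_delete(role, cabinet_id):
    """Delete targets an existing object, so the top-level ACL cascades down."""
    if "cabinet_delete" in ROLE_PERMISSIONS.get(role, set()):
        return True
    return "cabinet_delete" in OBJECT_ACLS.get((root_of(cabinet_id), role), set())


def can_create(role, parent_id=None):
    """Create has no existing object to carry an ACL; parent_id is ignored."""
    return "cabinet_create" in ROLE_PERMISSIONS.get(role, set())


def create_without_delete(role):
    """Audit: cabinets the role can add children to but cannot delete."""
    return sorted(c.label for c in CABINETS.values()
                  if can_create(role, c.id) and not can_delete(role, c.id))
```

Running `create_without_delete` for each role that holds the global create permission lists the parts of the tree where that role can add structure it cannot later remove.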

Re: Cabinet - Create / Delete Permission

Post by Steve »

> It's also more important to be able to control deletions than creations given cabinet removal is a destructive action (not disruptive to the documents of course just the hierarchy)

Agree with you.

> But to be clear, I'm explaining why it's not there at present. It is of course possible to implement such functionality, but as mentioned earlier we're avoiding developing cabinets much further. A serious bug in cabinets of course will get investigated, but this is more of a feature request than bug :)

Really! You don't like cabinets at all! :)
Why don't you create a userbase poll about cabinet appreciation? I think the "average Joe" user (note that with user I don't mean system admin, IT technician and others, I mean the everyday user) is far more comfortable with simple cabinet classification concept than with metadata, index and so on...
It is only a proposal, not a provocation :)

Many thanks as always

Steve

Re: Cabinet - Create / Delete Permission

Post by rssfed23 »

Oh I understand completely what you’re saying. I personally use cabinets a lot for my home environment as well as indexes. They both have their use cases! Although home users usually have less need for ACLs, that crops up more for business users.

We do have items in our backlog to improve the indexes experience. This is both a coding exercise but also a documentation one. I recommend the existing post in the forum for now until we have more documentation on it typed up or written in the book.

I apologise if I came across too “firm” against cabinets - I wanted to ensure expectations are managed correctly and our intentions known.
It's not all bad though! - an enhancement we're making based on community user request is the ability to mount cabinets as filesystem folders just like Indexes can be mounted: https://gitlab.com/mayan-edms/mayan-edms/issues/718

The everyday non-IT user is actually why we focus on indexes :) - The feedback from users (not admins but teams using Mayan) over the years was that as their document count grows, Cabinets become an increasing overhead, hard to manage and not a pleasant experience to use.
Conversely, the feedback from IT admins is that indexes and smart links can sometimes be tricky to set up. Ultimately we want everyone to be happy and to find a balance, which is why our focus now is to ensure the sysadmins have the skills they need to create better indexing and metadata structures (through documentation, guides and the book), so that ultimately their end users using Mayan daily can get the best experience. We have a rough plan to be able to use Jinja2 templates as well as Django ones, which will significantly help administrators utilise indexes/smart links and create better indexes in a friendlier templating format.