User uses annotation
- They cannot see annotations for which they do no have read permission
- Then cannot see options to edit or delete annotations on which they do not have relevant permission
- When creating an annotation, if logged in, they can set 'anyone can edit', 'anyone can read' checkboxes which set relevant permissions.
Install user story:
- Add script lines to my web page
- Create Annotator object and add plugins
- Store plugin
- User plugin
- Permissions plugin - default permissions
- default permission: everyone can read, only user can edit / delete / admin
Permissions on annotations are a hash consisting of keys with action names
{
'read': []
'update'
'delete'
'admin' # ability to change permissions
}
Values are lists of user names:
'read': ['myuser']
Empty list means anyone can do that action.
(Not done for the present)
- Have groups (e.g. prefix with group:: ...)
- Leave out admin and just have rule that only 'owner' (ie. person listed in user field can update permissions).