Consider adding enforcement for embargoes and leases into blacklight-access_controls.
We could use the embargo enforcement from hydra-access-controls as an example. In hydra-access-controls, the rules for embargo seem to be:
- A user who has "read" or "discover" access to a record will be denied access to the record if the record is currently under embargo.
- A user who has "edit" access to a record will still have full access to the record, even if the record is currently under embargo.
blacklight-access_controls doesn't have "edit" access, so the rules will need to be a little different. What should the rules be?
My suggestion is that if a record is currently under embargo, by default no user should have access. Then a developer can add access for some users from within their Blacklight app (for example, give access to admin users or to the author/creator of the record).
Ping @Cam156 for discussion. How does PSU plan to use embargoes, and which user(s) should be able to view an embargoed record?
Consider adding enforcement for embargoes and leases into blacklight-access_controls.
We could use the embargo enforcement from hydra-access-controls as an example. In hydra-access-controls, the rules for embargo seem to be:
blacklight-access_controls doesn't have "edit" access, so the rules will need to be a little different. What should the rules be?
My suggestion is that if a record is currently under embargo, by default no user should have access. Then a developer can add access for some users from within their Blacklight app (for example, give access to admin users or to the author/creator of the record).
Ping @Cam156 for discussion. How does PSU plan to use embargoes, and which user(s) should be able to view an embargoed record?