Visibility of versions
This is a task associated with the versioning #53 (closed), but because of too many threads I am creating this new one.
We already have 7 statuses of items:
- DRAFT
- INGESTED
- SUGGESTED
- REVIEWED
- REFUSED
- MERGED
- DELETED
and 6 statuses of their versions:
- DRAFT
- INGESTED
- SUGGESTED
- APPROVED
- DISAPPROVED
- DEPRECATED
Moreover, the implementation allows for at most one APPROVED version. When new version becomes APPROVED then the previous one becomes DEPRECATED.
Currently getting an item with a given persistentId
(but without providing versionId
) GET /api/{category}/{persistendId}
returns:
- the DRAFT version of the logged in user of this item when the query parameter "draft" is set to "true",
- otherwise, the APPROVED version of the item if exists.
If there is no DRAFT version or APPROVED version, respectively, 404 is returned.
But in the context of the discussion on slack the better implementation of the visibility should be provided for items that are not DRAFTs. We should take into account the logged in user as well.
So probably logged in users should get their last INGESTED / SUGGESTED version instead of APPROVED version, to check how their last version look like or to obtain it in the web-form? Or the better option is to add an additional flag to the API that tell us whether the last APPROVED version should be returned or the last version for the logged in user. For instance, the query parameter "approved". When a user provides it and set to "false", then the last his/her version will be returned to him/her.
This is also associated with the problem what version should be returned for moderators? Moderators should see all SUGGESTED / INGESTED versions of, respectively, contributors / system_contributors (BDW, we added a new user role to the marketplace: SYSTEM_CONTRIBUTOR and assigned to this role the user "System importer"). Moreover I think that when this flag "approved=false" id provided to the request, then not 404 should be returned in case when the item is REFUSED, MERGED or DELETED, but the last version of this item.
To be consistent with other API endpoints I also think that this query parameter "approved" could be also provided to the search endpoint GET /api/item-search
. If not set to "false" then only APPROVED version should be returned (as it is currently implemented) and when it is set to "false", then
- for contributors / system_contributors, their last version will be returned or APPROVED versions if there is no their suggested / ingested versions.
- for moderators / administrators the last version of the item will be returned
And finally we should implement the same logic for GET /api/{category}/{persistendId}/versions/{versionId}
(assuming that the given version exists)
- anonymous requests should return this version if it is APPROVED, or 403 ("forbidden") otherwise.
- contributors / system_contributors requests should return this version if it is APPROVED or created by the logged in user, or 403 otherwise
- moderators / administrators requests should always return this version.
Please comments, before we start implementing it.