PKP Bugzilla – Bug 8363
ROLE_ID_EDITOR can probably be removed
Last modified: 2013-08-28 15:56:55 PDT
Looking at the code, ROLE_ID_EDITOR appears to be always linked with ROLE_ID_MANAGER (i.e. if an editor can do something, the manager also can); also I don't think it's possible to assign this role anywhere. Looks like an unnecessary holdover from OJS 2.x.
There are also no user groups that have that role ID by default. All of the important ones get _MANAGER and guest editors have their own role ID.
We'd need to consider whether there's a role for editors who should not be able to modify the journal (e.g. editing settings) but who do need to be able to access issue management; that's the only distinction left (though if so it does need fixing so users can be assigned to that role). Will ask John.
On further thought: bombs away. Get rid of ROLE_ID_EDITOR.
Created pull request:
I thought that editors were not suppose to change journal settings. Isn't that true? If it's still true, how we will handle that removing this role?
Bruno, in grepping for the EDITOR constant, I got the impression that the distinction probably wasn't working.
(In reply to comment #6)
> Bruno, in grepping for the EDITOR constant, I got the impression that the
> distinction probably wasn't working.
Well, just take a look at SettingsHandler. The only role authorized is the Manager one. If we blend manager and editor roles, than suddenly editors will be able to manage journal settings, which I don't think it's what we want.
Managers can do everything that editors can, but the contrary is not true. That's right?
Bruno, yes, that's the intention, and the more I reflect on it the more I think it's still a valuable one to preserve. (Sorry, Michael.) However, we do still need to verify that it's working as intended.
Created attachment 3955 [details]
For future reference the patch of the initial implementation.
Should I test this? Basically make sure that editors cannot change journal settings. I assume the SettingsHandler would be the only place this needs to be verified at?
(In reply to comment #10)
> Should I test this? Basically make sure that editors cannot change journal
> settings. I assume the SettingsHandler would be the only place this needs to
> be verified at?
The difference between managers and editors is that managers can do everything that editors can do plus manage journal settings. Then we should test:
1 - that editors can really do everything that they were meant to do, which is, access to the entire workflow process. Have to check page and components handlers that implement operations related to the workflow. Also editors can access issue management operations, so, once again, have to check those handlers.
2 - that managers can really do everything that editors can. This can be done grepping the use of role id editor constant and verifying that role id manager is also there;
3 - that ONLY managers can access and manage journal settings. Can be done checking all the handlers that implements management operations, like SettingsHandler, but also all the components controllers that implements management functions also (grids, listbuilders, etc).
I think that's the only way to make sure editors and managers roles are working ok.