We need to define a permissions structure for controlling superevent actions, as well as upgrade the old one for events. Here is a proposal for how to define this structure going forward.
Update (6 Sept 2018): this issue is no longer going to cover redoing the events permission structure; it will only focus on creating the superevents permission structure.
Creation

| Action | Allowed users | Comments |
| --- | --- | --- |
| create event | Specific LVK users only | Currently allowed for pipeline accounts and specific users; remove individual users? |
| create test event | All LVK users | |
| create superevent | emfollow/superevent manager | |
| create test superevent | All LVK users | |
| create MDC superevent | emfollow/superevent manager | |

Updates

| Action | Allowed users | Comments |
| --- | --- | --- |
| update/replace event | Only the user who originally submitted the event | Or should it be anyone who is allowed to submit events for the given pipeline? |
| update/replace test event | All LVK users | |
| update superevent | emfollow/superevent manager | Applies to production and MDC superevents |
| update test superevent | All LVK users | |
| add/remove event from superevent | emfollow/superevent manager | Production and MDC |
| add/remove event from test superevent | All LVK users | |
| confirm superevent as gw | Some special people | Should emfollow/superevent manager be on this list? |
| confirm test superevent as gw | All LVK members | |
| confirm mdc superevent as gw | emfollow/superevent manager | |

Annotations

| Action | Allowed users | Comments |
| --- | --- | --- |
| add log message/file | All LVK (all events/superevents); LV-EM (only exposed events/superevents) | Not allowed for public users (?) |
| tag log message/file | All LVK (all event/superevent logs) | Not allowed for LV-EM or public |
| untag log message/file | All LVK (all event/superevent logs) | Not allowed for LV-EM or public |
| add label | Specific LVK members can add specific labels | Needs some thought and a finalized list of labels to define this |
| remove label | Specific LVK members can remove the same specific labels | |
| create voevent | emfollow | Are others needed? |
| create emobservation | All LVK (all events/superevents) and all LV-EM (all exposed events/superevents) | This is a little weird because as far as I know, only LV-EM people should be uploading EM observations |
| add/update/remove operator signoff | LVK members in control rooms | Control room groups controlled by IP address |
| add/update/remove advocate signoff | LVK members in em_advocates group | |

Viewing

| Action | Allowed users | Comments |
| --- | --- | --- |
| view event | All LVK (all events/superevents); LV-EM/Public (exposed events/superevents? Or just superevents?) | Applies equally to production and test events. Note to self: need to consider event subtypes and permissions on those as well |
| view logs | All LVK (all event/superevent logs); LV-EM/Public (exposed logs only) | Logs will be exposed via a tag ('lv-em' or 'public'); files associated with exposed logs will also be exposed |
| view voevents | All LVK (all voevents); not sure about LV-EM or public | Currently, all VOEvents are viewable to anyone who can view the event |
| view emobservations | All LVK (all emobservations); not sure about LV-EM or public | Currently, all EMObservations are viewable to anyone who can view the event |

Main questions
Who can add/remove which labels? Or should all LVK users be able to add/remove all labels?
Who can expose/hide events and superevents?
Who can expose/hide logs with the 'lv-em' and 'public' tags?
Does exposing a superevent to external users mean that we should expose all of the individual events as well?
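
The "view logs" rule from the Viewing table, as an added sketch that is not part of the original issue or of the project's code: LVK sees every log, external groups see only logs carrying their exposure tag, and files follow their log. The class and function names are hypothetical, and two assumptions go beyond the issue: each tag exposes a log only to the group it is named after, and a log is hidden whenever the group cannot view the parent superevent.

```python
from dataclasses import dataclass, field

LVK, LV_EM, PUBLIC = "LVK", "LV-EM", "public"

# Tag a log must carry before an external group may see it.
# Assumption: each tag exposes a log only to the group it is named after.
EXPOSURE_TAG = {LV_EM: "lv-em", PUBLIC: "public"}


@dataclass
class Log:                                   # hypothetical model, not the project's
    comment: str
    tags: set = field(default_factory=set)
    filename: str = ""                       # file attached to the log, if any


@dataclass
class Superevent:                            # hypothetical model, not the project's
    superevent_id: str
    exposed_to: set = field(default_factory=set)   # external groups allowed to view
    logs: list = field(default_factory=list)


def can_view_log(group, superevent, log):
    """Default deny: unknown groups and untagged logs stay hidden."""
    if group == LVK:
        return True                          # LVK sees all event/superevent logs
    tag = EXPOSURE_TAG.get(group)
    if tag is None:
        return False
    # Assumption: no log is visible on a superevent the group cannot view.
    return group in superevent.exposed_to and tag in log.tags


def visible_files(group, superevent):
    """Files follow their log: exposed only when the log itself is exposed."""
    return [log.filename for log in superevent.logs
            if log.filename and can_view_log(group, superevent, log)]


# Constructed sample data: a superevent exposed to LV-EM but not to the public.
S1 = Superevent("S-constructed-1", exposed_to={LV_EM}, logs=[
    Log("internal note", set(), "internal.txt"),
    Log("skymap available", {"lv-em"}, "skymap.fits"),
    Log("public summary", {"lv-em", "public"}, "summary.txt"),
])
```

With this data, the log tagged 'public' stays hidden from public viewers because the superevent itself is not exposed to them, which is the case the last main question asks about in the other direction.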