Rework permissions structure

We need to define a permissions structure for controlling superevent actions, as well as upgrade the old one for events. Here is a proposal for how to define this structure going forward.

Update (6 Sept 2018): this issue is no longer going to cover redoing the events permission structure; it will only focus on creating the superevents permission structure.

Creation

Action	Allowed users	Comments
create event	Specific LVK users only	Currently allowed for pipeline accounts and specific users; remove individual users?
create test event	All LVK users
create superevent	emfollow/superevent manager
create test superevent	All LVK users
create MDC superevent	emfollow/superevent manager

Updates

Action	Allowed users	Comments
update/replace event	Only the user who originally submitted the event	Or should it be anyone who is allowed to submit events for the given pipeline?
update/replace test event	All LVK users
update superevent	emfollow/superevent manager	Applies to production and MDC superevents
update test superevent	All LVK users
add/remove event from superevent	emfollow/superevent manager	Production and MDC
add/remove event from test superevent	All LVK users
confirm superevent as gw	Some special people	Should emfollow/superevent manager be on this list?
confirm test superevent as gw	All LVK members
confirm mdc superevent as gw	emfollow/superevent manager

Annotations

Action	Allowed users	Comments
add log message/file	All LVK (all events/superevents); LV-EM (only exposed events/superevents)	Not allowed for public users (?)
tag log message/file	All LVK (all event/superevent logs)	Not allowed for LV-EM or public
untag log message/file	All LVK (all event/superevent logs)	Not allowed for LV-EM or public
add label	Specific LVK members can add specific labels	Needs some thought and a finalized list of labels to define this
remove label	Specific LVK members can remove the same specific labels
create voevent	emfollow	Are others needed?
create emobservation	All LVK (all events/superevents) and all LV-EM (all exposed events/superevents)	This is a little weird because as far as I know, only LV-EM people should be uploading EM observations
add/update/remove operator signoff	LVK members in control rooms	Control room groups controlled by IP address
add/update/remove advocate signoff	LVK members in em_advocates group

Viewing

Action	Allowed users	Comments
view event	All LVK (all events/superevents); LV-EM/Public (exposed events/superevents? Or just superevents?)	Applies equally to production and test events. Note to self: need to consider event subtypes and permissions on those as well
view logs	All LVK (all event/superevent logs); LV-EM/Public (exposed logs only)	Logs will be exposed via a tag ('lv-em' or 'public'); files associated with exposed logs will also be exposed
view voevents	All LVK (all voevents); not sure about LV-EM or public	Currently, all VOEvents are viewable to anyone who can view the event
view emobservations	All LVK (all emobservations); not sure about LV-EM or public	Currently, all EMObservations are viewable to anyone who can view the event

Main questions

Who can add/remove which labels? Or should all LVK users be able to add/remove all labels?
Who can expose/hide events and superevents?
Who can expose/hide logs with the 'lv-em' and 'public' tags?
Does exposing a superevent to external users mean that we should expose all of the individual events as well?
Who can confirm superevents as GWs?

We need to define a permissions structure for controlling superevent actions, as well as upgrade the old one for events.  Here is a proposal for how to define this structure going forward.

**Update** (6 Sept 2018): this issue is no longer going to cover redoing the events permission structure; it will only focus on creating the superevents permission structure.

# Creation

| Action | Allowed users | Comments |
| ------ | ------------- | -------- |
| create event | Specific LVK users only | Currently allowed for pipeline accounts and specific users; remove individual users? |
| create test event | All LVK users | |
| create superevent | emfollow/superevent manager | |
| create test superevent | All LVK users | |
| create MDC superevent | emfollow/superevent manager | |

# Updates

| Action | Allowed users | Comments |
| ------ | ------------- | -------- |
| update/replace event | Only the user who originally submitted the event | Or should it be anyone who is allowed to submit events for the given pipeline? |
| update/replace test event | All LVK users | |
| update superevent | emfollow/superevent manager | Applies to production and MDC superevents |
| update test superevent | All LVK users | |
| add/remove event from superevent | emfollow/superevent manager | Production and MDC |
| add/remove event from test superevent | All LVK users | |
| confirm superevent as gw | Some special people | Should emfollow/superevent manager be on this list? |
| confirm test superevent as gw | All LVK members | |
| confirm mdc superevent as gw | emfollow/superevent manager | |

# Annotations

| Action | Allowed users | Comments |
| ------ | ------------- | -------- |
| add log message/file | All LVK (all events/superevents); LV-EM (only exposed events/superevents) | Not allowed for public users (?) |
| tag log message/file | All LVK (all event/superevent logs) | Not allowed for LV-EM or public |
| untag log message/file | All LVK (all event/superevent logs) | Not allowed for LV-EM or public |
| add label | Specific LVK members can add specific labels | Needs some thought and a finalized list of labels to define this |
| remove label | Specific LVK members can remove the same specific labels | |
| create voevent | emfollow | Are others needed? |
| create emobservation | All LVK (all events/superevents) and all LV-EM (all exposed events/superevents) | This is a little weird because as far as I know, only LV-EM people should be uploading EM observations |
| add/update/remove operator signoff | LVK members in control rooms | Control room groups controlled by IP address |
| add/update/remove advocate signoff | LVK members in em_advocates group | |

# Viewing

| Action | Allowed users | Comments |
| ------ | ------------- | -------- |
| view event | All LVK (all events/superevents); LV-EM/Public (exposed events/superevents? Or just superevents?) | Applies equally to production and test events. Note to self: need to consider event subtypes and permissions on those as well |
| view logs | All LVK (all event/superevent logs); LV-EM/Public (exposed logs only) | Logs will be exposed via a tag ('lv-em' or 'public'); files associated with exposed logs will also be exposed | |
| view voevents | All LVK (all voevents); not sure about LV-EM or public | Currently, all VOEvents are viewable to anyone who can view the event|
| view emobservations | All LVK (all emobservations); not sure about LV-EM or public | Currently, all EMObservations are viewable to anyone who can view the event |

# Main questions

1. Who can add/remove which labels?  Or should all LVK users be able to add/remove all labels?
2. Who can expose/hide events and superevents?
3. Who can expose/hide logs with the 'lv-em' and 'public' tags?
4. Does exposing a superevent to external users mean that we should expose all of the individual events as well?
5. Who can confirm superevents as GWs?

Edited Sep 06, 2018 by Tanner Prestegard

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information