respect expose_user_email configuration in datalibraries permissions list #4611
Conversation
martenson
force-pushed
the
respect-email-exposure
branch
from
313c36e to
0d6a71d
Compare
martenson
force-pushed
the
respect-email-exposure
branch
from
0d6a71d to
1b2221c
Compare
|
rebased, rebuilt and fixed indent |
|
Ok, tested this today, I'm happy with the changes. This is a much, much better sharing experience. 👍 |
| @@ -1076,26 +964,11 @@ var LibraryDatasetView = Backbone.View.extend({ | |||
| '<div class="alert alert-info roles-selection">User with <strong>any</strong> of these roles can modify name, metadata, and other information about this library item.</div>', | |||
| '<hr/>', | |||
| '<h2>Dataset-related permissions</h2>', | |||
| '<div class="alert alert-warning">Changes made below will affect <strong>every</strong> library item that was created from this dataset and also every history this dataset is part of.</div>', | |||
| '<divclass="alert alert-warning">Changes made below will affect <strong>every</strong> library item that was created from this dataset and also every history this dataset is part of.</div>', | |||
|
I'm probably doing it wrong, but I tested the following.
Note: with default expose_user_name/expose_user_email in galaxy.ini, so, |
|
@dannon did you flip the |
|
@martenson No, I left it false on purpose to test. I should still be able to add emails that I know, without the assisted autocomplete, right? |
|
@dannon No, you cannot search for specific emails/users nor can you add arbitrary string that Galaxy will check against the |
|
Ok, so without 'expose' set, these are just completely disabled for non-admins? Can we add a hint that that's the case on the interface? (and not allow people to try) |
|
@dannon They are not disabled, you only see your role, your sharing roles and other roles/groups you are part of. The logic is in the edit: The reason why you cannot see anything is that your only valid option is your own private role. But if you were part of an e.g. group you would see its role there. |
|
I get that I can see my own role. This user is supposed to be able to administer this library though, and cannot, and the UI doesn't provide any sort of a clue why -- it just appears broken, which is bad UX. (screenshot snipped, wasn't useful) If we just add some text saying "Note that this instance is configured to hide usernames and email addresses, so you will not be able to add users that are not |
|
I took that issue to be about much higher level overall security design, which will of course eventually change the UX here, but I'm talking about my experience with this particular interface that this PR touches. It appears broken, to me, and a little additional text would explain that. |
|
@dannon Similar interface is in history on every dataset's permissions and in fact on sharing of every object - workflows, pages, history etc. I suggest opening a PR that alters labeling on all these, if you think we can do a better job explaining the current configuration and options. This PR specifically addresses the following part of #1177 :
and thus, unless there are bugs related to that, I deem it finished. |
|
You specifically mention workflows, pages, and histories, but they all have a simple "email address of user to share with", which allows me to (as expected) type in whatever address I want. Anyway, this was an open PR, I gave feedback, you're welcome to ignore it. I'm moving on. |
|
@dannon Could you please stop holding my PR as hostage for what you deem is a label changing issue? |
|
@martenson What am I holding hostage? I spent time to review this, reported one typo and a confusing interface. At first, I literally did not know if the interface was fixed or not because it's so confusing. I did not -1 this, and am not 'holding anything hostage'. |
part of #1177
ping @erasche