-
-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorship & Access List #503
Labels
Milestone
Comments
This was referenced Jan 17, 2021
Closed
Open
edemaine
added a commit
that referenced
this issue
Jan 21, 2021
See #503 for lots about the new model: coauthors (vs. authors = actual edits to the message) and access list replacing @mention permission. Client: lots of changes especially when editing * BelowEditor shows Coauthors always, and Access in private messages (and messages that somehow have Access set, e.g. formerly private) * Input via react-bootstrap-typeahead * History view shows authors that aren't coauthors (via 'also') * Access shows suggestions for @mentions * Reply All from private messages inherit accessibility from parent * Action / Coauthor for quick way to add yourself as a coauthor * More compact MessageAuthor formatting (fix #393) * `text-help` class to indicate hoverable help Lib: revamped permissions * @mentions no longer grant any permissions (but bootstrap old data) -- no more regular expressions in standard queries! * Coauthorship grants explicit read/write access in all cases * Access list grants explicit read access if published and not deleted * Fix `addRootsToQuery` to not add roots that the user didn't have access to (known but forgotten permissions bug), by $and'ing on permission query again. We really only needed this when accessing the global group (which we now do via `maybeAddRootsToQuery`), so not a big performance impact most of the time. * Live view now works in global group * Fix `canEdit` to check visibility of message too; before, you could edit a message if you knew its ID even if it was e.g. private (and you had group-wide edit permission). This would make you an author, which would let you see secret messages given their IDs. * messageNew now correctly fails if specified parent doesn't exist. * Notifications for changes to coauthors and access * Import bug fix and support for `coauthors`
edemaine
added a commit
that referenced
this issue
Jan 23, 2021
This was referenced Jan 23, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Redesign for access control (with significant input from dev team including Yevhenii, Alice, Ankur, Dylan, Marty):
authors
mapping remains the ground truth of edits as reflected in history of edits, sorecomputeAuthors
will still do the right thing: map each user that is among theupdators
of some edit to the lastupdated
date among these edits. (This makes backward compatibility easier, and makes it easy to remove and then re-add an author (e.g. accidental removal) without having to dive back into history.)coauthors
list/array (like currentauthors
, but no longer necessarily corresponding to diff sequence).authors
used to), regardless of flags.authors
and @mentions will be converted into this during bootstrap process.coauthors
tracking throughout historyauthors
are also added tocoauthors
(via$addToSet
).coauthors
should be tracked in diffs, and reported (as adds/removes) in notifications, just like @mentions would have been. This will encourage good behavior.author
view, but is that worth optimizing? Likely being replaced by a search view.authors
no longer gives permission (replaced bycoauthors
)MessageAuthor
to show coauthors that haven't made explicit edits in history (Condense editor list #393)coauthors
list can deviate fromauthors
list, and why we don't want to giveauthors
permission anymore (replacing withcoauthors
).access
list/array.author (if message is public or private) oraccess (if message is private). Usually you want a mentioned person to read the message you're mentioning them in, so this will help fix that error, but sometimes you don't, so it will also not force it.UserInput
? This was possible with @mentions, but now it isn't possible. Superuser case is useful for prewriting a set of problems before inviting everyone to a group.authors
but notcoauthors
Perhaps disable removal of creator's authorship, except by superuserReplaces #177, #475, #149, #393
The text was updated successfully, but these errors were encountered: