Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Brainstorming] PRINT permission without FILES_LIST #3419

Closed
fieldOfView opened this issue Jan 6, 2020 · 6 comments
Closed

[Brainstorming] PRINT permission without FILES_LIST #3419

fieldOfView opened this issue Jan 6, 2020 · 6 comments

Comments

@fieldOfView
Copy link
Contributor

@fieldOfView fieldOfView commented Jan 6, 2020

Is your feature request related to a problem? Please describe.
OctoPrint 1.4 introduces granular permissions. The PRINT permission logically includes the FILES_SELECT permission (how else would OctoPrint know what file to print?). The FILES_SELECT permission logically includes the FILES_LIST permission (how else would the user be able to select an existing file?). Thus, any user who can start a print, automatically can also see all gcode files.

As an application developer using the API key, I may want to allow users to start a print they just uploaded through my application, but restrict their access to a list of other files already on the OctoPrint instance. In other words: I want users to be able to PRINT without the FILES_LIST permission.

Describe the solution you'd like
I think I would like the FILES_SELECT permission to not automatically inherit the FILES_LIST. This might be a little strange from the perspective of the OctoPrint web interface (because how do you select a file if you cannot see the available files?) but from the standpoint of an application that uploads a gcode file it is not necessary to be able to list all files if the application knows what file it just uploaded.

Describe alternatives you've considered
The only alternative I can think of is to life with a PRINT permission that also includes a FILE_LIST permission, making the permission system less granular.

Additional context
Eventually a solution where a user can (optionally) only list (and start, pause, cancel) her own gcode files would be great, but that is a bigger change for a future version of OctoPrint.

@foosel

This comment has been minimized.

Copy link
Owner

@foosel foosel commented Jan 13, 2020

You know, you've actually just made me question the sanity of the design decision overall to include permissions in other permissions (unless those other permissions are admin/management permissions). I'll have to poke a bit at the code and try to jog my memory what the reasoning behind that was, since indeed from a strictly permission modelling point of view, it seems a bit arbitrary and tailored to the core UI.

@foosel foosel added this to the 1.4.0 milestone Jan 13, 2020
@fieldOfView

This comment has been minimized.

Copy link
Contributor Author

@fieldOfView fieldOfView commented Jan 13, 2020

you've actually just made me question the sanity of the design decision

sorry :-/

@foosel

This comment has been minimized.

Copy link
Owner

@foosel foosel commented Jan 14, 2020

sorry :-/

Why sorry? That is a good thing to come up now rather than once 1.4.0 stable is released, so thank you!

I've changed the implementation to not include assumptions about the UI into the permission modelling and so far nothing seems to have broken, so that looks like a sound solution.

foosel added a commit that referenced this issue Jan 14, 2020
@foosel

This comment has been minimized.

Copy link
Owner

@foosel foosel commented Jan 14, 2020

Should be solved by the above commit.

@fieldOfView

This comment has been minimized.

Copy link
Contributor Author

@fieldOfView fieldOfView commented Jan 14, 2020

Why sorry?

Your sanity being questioned, especially by yourself, is never a nice. Not sorry about finding a bug ofcourse :-)

@foosel

This comment has been minimized.

Copy link
Owner

@foosel foosel commented Jan 28, 2020

1.4.0rc4 is out

@foosel foosel closed this Jan 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.