
User Story #11456 (accepted)

Opened 6 years ago

Last modified 4 years ago

Comprehensive permissions testing

Reported by: mtbcarroll
Owned by: jburel
Priority: major
Milestone: Permissions
Component: General
Keywords: n.a.
Cc: ux@…, sbesson
Story Points: n.a.
Sprint: n.a.
Importance: n.a.
Total Remaining Time: 0.0d
Estimated Remaining Time: n.a.

Description (last modified by mtbcarroll)

Our permissions overview in the sysadmin documentation leaves much unspecified. Petr has been looking after some excellent Google Drive spreadsheets that have a lot more detail in the tables, but not yet everything. There are many variables: group membership (admin, owner, member, not), group permissions (including those not presently exposed in the UI), multiple-group situations (e.g., moving something from one group which has permissions P and for which I have membership Q, to a group which has permissions R and for which I have membership S, and perhaps P = R), extra associated data of different ownership that may be carried along with it (various kinds of annotations, which may be owned by some third party with other group memberships, and have been added to the image by a fourth party, so now we have T, U, and more), etc.

Of course, when associated data gets somehow separated from its original target, there is also the question of what then happens to it. Some things might make sense in an orphaned existence. But, for instance, if I move an image and didn't mean to thus delete another user's comments and I regret my action and move it back, maybe they're still gone.

What I would like is for every possibility to be enumerated such that it is clear in every case what should actually happen. Then, I would like integration and UI tests to actually try out every one of those cases. (Icing on the cake would be some kind of background story of workflows and intent from which these rules are obviously derived, because that'll be necessary if we ever need to explain the system more fully to anybody else: a why to follow the what.)

(This arose because I was trying to find out for the failing tests in AnnotationMoveTest which of the failing tests fail because the test is wrong and which because the server is wrong. From our documentation it's really not an easy question to answer.)

Change History (6)

comment:1 Changed 6 years ago by mtbcarroll

  • Description modified (diff)

comment:2 Changed 6 years ago by mtbcarroll

See also https://github.com/openmicroscopy/openmicroscopy/pull/1751#issuecomment-28313531: data may be in the user group. The "pre-set" users and groups should be included in the testing.

comment:3 Changed 6 years ago by mtbcarroll

  • Cc sbesson added

comment:4 Changed 5 years ago by jamoore

  • Priority changed from minor to major
  • Type changed from Task to User Story

As discussed during https://trello.com/c/BZ2UcNV8/49-jun-19-agenda, https://trello.com/c/kbYs3GQ0/19-test-permissions-comprehensively was archived in favor of turning this ticket into a story. All bugs found from the testing should be included here.

comment:5 Changed 5 years ago by agilo

  • Status changed from new to accepted

Updated status, related task in progress

comment:6 Changed 4 years ago by sbesson

  • Milestone changed from Testing2 to Permissions