User Story #11456 (accepted)
Comprehensive permissions testing
|Reported by:||mtbcarroll||Owned by:||jburel|
|Cc:||ux@…, sbesson||Story Points:||n.a.|
|Total Remaining Time:||0.0d||Estimated Remaining Time:||n.a.|
Description (last modified by mtbcarroll)
Our permissions overview in the sysadmin documentation leaves much unspecified. Petr has been looking after some excellent Google Drive spreadsheets that have a lot more detail in the tables, but not yet everything. There are many variables: group membership (admin, owner, member, not), group permissions (including those not presently exposed in the UI), multiple-group situations (e.g., moving something from one group which has permissions P and for which I have membership Q, to a group which has permissions R and for which I have membership S, and perhaps P = R), extra associated data of different ownership that may be carried along with it (various kinds of annotations, which may be owned by some third party with other group memberships, and have been added to the image by a fourth party), so now we have T, U, and more), etc.
Of course, when associated data gets somehow separated from its original target, there is also the question of what then happens to it. Some things might make sense in an orphaned existence. But, for instance, if I move an image and didn't mean to thus delete another user's comments and I regret my action and move it back, maybe they're still gone.
What I would like is for every possibility to be enumerated such that it is clear in every case what should actually happen. Then, I would like integration and UI tests to actually try out every one of those cases. (Icing on the cake would be some kind of background story of workflows and intent from which these rules are obviously derived, because that'll be necessary if we ever need to explain the system more fully to anybody else: a why to follow the what.)
(This arose because I was trying to find out for the failing tests in AnnotationMoveTest which of the failing tests fail because the test is wrong and which because the server is wrong. From our documentation it's really not an easy question to answer.)
Change History (6)
comment:4 Changed 7 years ago by jamoore
- Priority changed from minor to major
- Type changed from Task to User Story