Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: redefine "public" and "private" #121

Merged
merged 2 commits into from
Aug 8, 2024
Merged

fix: redefine "public" and "private" #121

merged 2 commits into from
Aug 8, 2024

Conversation

jnussbaum
Copy link
Collaborator

No description provided.

@jnussbaum jnussbaum self-assigned this Aug 6, 2024
Nora-Olivia-Ammann
Nora-Olivia-Ammann reviewed Aug 6, 2024
View reviewed changes
Copy link
Collaborator

@Nora-Olivia-Ammann Nora-Olivia-Ammann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on what decision did you change this definition?

@jnussbaum
Copy link
Collaborator Author

Based on what decision did you change this definition?

Based on my experience, what people most often want when they use the terms "public" / "private". This code change doesn't have a direct impact, it's rather like a default, that can be used or overwritten on a per-project-basis.

BalduinLandolt
BalduinLandolt approved these changes Aug 6, 2024
View reviewed changes
Copy link
Collaborator

@BalduinLandolt BalduinLandolt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable to me. Are these changes in line with what we have most commonly in the database? Is the PRIVATE one the same as the current default DOAPs used by the API for new projects? Because this is currently our "canonical definition of private". And does this align with what RDU wants?

@jnussbaum
Copy link
Collaborator Author

Looks reasonable to me. Are these changes in line with what we have most commonly in the database? Is the PRIVATE one the same as the current default DOAPs used by the API for new projects? Because this is currently our "canonical definition of private". And does this align with what RDU wants?

Thanks for your input. Unfortunately, your questions have different contradictory answers ;-)

1. What is most commonly in the database (stage)?

There are more than 20 different public-ish permissions. One among them is far on top (much more frequent than the others): CR knora-admin:Creator,knora-admin:ProjectAdmin|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser. Therefore, I have now adapted this PR so that this becomes the new PUBLIC.

For private-ish, there are 3 candidates:

  • 50'000 times: CR knora-admin:ProjectAdmin|D knora-admin:Creator|M knora-admin:ProjectMember
  • 30'000 times: CR knora-admin:ProjectAdmin|D knora-admin:Creator,knora-admin:ProjectMember
  • 8'000 times: CR knora-admin:ProjectAdmin|M knora-admin:ProjectMember

2. What is the default DOAP for private that the API sets?

Surprisingly, the default private DOAP is the one that appears the least frequent on stage: CR knora-admin:ProjectAdmin|M knora-admin:ProjectMember (8'000 times). But since it is the default, I have now adapted the PR so that this becomes the new PRIVATE.

3. What does RDU want?

Since they don't care about permissions at such a low level, I had the following approach until now: Every time I had to do a permissions change, I translated the high-level instructions ("private" / "public") into something that seemed reasonable to me, and then checked back with RDU. Mostly, they just accepted what I suggested to them. But it also depends from case to case. So this question cannot really be answered.

4. What makes sense?

According to my gut, PUBLIC is now quite sensible. However, I think that PRIVATE should rather be changed to CR knora-admin:ProjectAdmin,knora-admin:Creator|D knora-admin:ProjectMember, although this never appears in the database.

@BalduinLandolt
Copy link
Collaborator

Looks reasonable to me. Are these changes in line with what we have most commonly in the database? Is the PRIVATE one the same as the current default DOAPs used by the API for new projects? Because this is currently our "canonical definition of private". And does this align with what RDU wants?

Thanks for your input. Unfortunately, your questions have different contradictory answers ;-)

1. What is most commonly in the database (stage)?

There are more than 20 different public-ish permissions. One among them is far on top (much more frequent than the others): CR knora-admin:Creator,knora-admin:ProjectAdmin|D knora-admin:ProjectMember|V knora-admin:KnownUser,knora-admin:UnknownUser. Therefore, I have now adapted this PR so that this becomes the new PUBLIC.

For private-ish, there are 3 candidates:

* 50'000 times: `CR knora-admin:ProjectAdmin|D knora-admin:Creator|M knora-admin:ProjectMember`

* 30'000 times: `CR knora-admin:ProjectAdmin|D knora-admin:Creator,knora-admin:ProjectMember`

* 8'000 times: `CR knora-admin:ProjectAdmin|M knora-admin:ProjectMember`

👍

2. What is the default DOAP for private that the API sets?

Surprisingly, the default private DOAP is the one that appears the least frequent on stage: CR knora-admin:ProjectAdmin|M knora-admin:ProjectMember (8'000 times). But since it is the default, I have now adapted the PR so that this becomes the new PRIVATE.

Considering how much easier it is to create numerous resources with dsp-tools (where other permissions may be provided) than with the app, this may not be as surprizing.
The two top candidates, were they promoted by dsp-tools in some way? (e.g. an XML template, docs, etc.) In that case, I suppose the numbers would make perfect sense.

3. What does RDU want?

Since they don't care about permissions at such a low level, I had the following approach until now: Every time I had to do a permissions change, I translated the high-level instructions ("private" / "public") into something that seemed reasonable to me, and then checked back with RDU. Mostly, they just accepted what I suggested to them. But it also depends from case to case. So this question cannot really be answered.

I asked the wrong question anyways - the right question would be "what do the projects want?" but the same would apply there, I guess.
As long as it doesn't functionally violate the customer's behavioural expectations, that approach makes sense, though some standardization will be nice to have.

4. What makes sense?

According to my gut, PUBLIC is now quite sensible. However, I think that PRIVATE should rather be changed to CR knora-admin:ProjectAdmin,knora-admin:Creator|D knora-admin:ProjectMember, although this never appears in the database.

Giving CR to Creator sounds reasonable, but I think sticking to the current default for now is also a good idea. In the end, the permissions system has to change over time anyways, so we will have to see what we make form all this...

@jnussbaum
Copy link
Collaborator Author

The two top candidates, were they promoted by dsp-tools in some way? (e.g. an XML template, docs, etc.)

I cannot find the source of these:

But it doesn't matter that much. I guess that these permissions really stem from dsp-tools, even if I cannot reconstruct the exact way how they came into being.

More importantly: I will tend for the standardized way, and merge this PR as is. Thanks for your thoughts 👍

@jnussbaum jnussbaum merged commit 787383d into main Aug 8, 2024
1 check passed
@jnussbaum jnussbaum deleted the wip/redefine-public-and-restricted branch August 8, 2024 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BalduinLandolt BalduinLandolt BalduinLandolt approved these changes

@Nora-Olivia-Ammann Nora-Olivia-Ammann Nora-Olivia-Ammann approved these changes

Assignees

@jnussbaum jnussbaum

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jnussbaum @BalduinLandolt @Nora-Olivia-Ammann