| Thread Previous • Date Previous • Date Next • Thread Next |
On Wed, 2010-11-10 at 13:50 +0000, Matthew Revell wrote: > > I used the terms owner, driver and bug supervisor in versions 1-3 > > assuming/hoping that the testers would understand those roles had change > > power. That was not the case. adding terms like read and write > > reinforced an expectation of Unix ACL controls on all objects instead of > > clarifying that project owners could permit someone to see some or all > > of a project. We are not creating an ACL system. The only non-UI change > > the feature proposes is that we add an alternate mechanism to > > subscription to give someone access to all private data. > > You've mentioned a couple of times that we're not creating an ACL > system. To my, perhaps naive, view an ACL is a list of people who can > read and/or write certain data. Is that right? I want to be able to > look out for confusion between what we're testing and an ACL system. That is right. Testers would say "Am I giving a user read and write permission when I add him to this page"? These pages will be available on private and public projects. So in the case of a public project which has a few private bugs and branches, the owner might say "I want to remove all read access", but we know all users can see the public information. ... > I propose the following: > > * Two rounds of user testing. > - Between rounds 1 and 2 we'll update the mock-ups based on round 1's data. > * After round 2, a follow-up survey sent to all of the participants > to check that any points of confusion etc have been clarified. > > I had considered whether we should split each round into two parts: > one targeted at private project owners and the other at > observers/restricted observers. I imagine, though, that the experience > for observers/restricted-observers won't be much different to what > already exists. How will observers be notified of and manage their > access to private items? You bring up an interesting point. I had planned to make these pages only visible to owners. I am not sure I should be able to see who has access to an OEM project that I have permission to view. Consider the case of restricted observer viewing a private project. The user is directly subscribed to a few bugs and branches; those are the only pages he can view. An observer of a private project can see all the pages that that are launchpad.View. The observer cannot see the pages restricted to moderate, edit, or admin. I have not considered notifications to users yet. We will send emails. Restricted observers are bug/branch subscribers so they will be notified of those changes automatically. There are confidentiality issues for observers. When a user is removed do we send an email that will disclose information? Canonical's own security team added a feature to quietly remove a user from a team to ensure nothing is disclosed to the user. We probably need a similar rule for observers of private projects. > Looking at the mock-ups, I think it'd be helpful to have some > additional mock-ups. These would just be variations on what you've > already produced :) > > * The page from which the disclosure listing is accessed. I will add the link to the project index. > * A version of the listing page without the people picker overlay. I did. disclosure-listiing-view and disclosure-listiing-all-users-view are the two views of the list page. The disclosure-listiing-add-overlay is just about the overlay. > * A version of all mock-ups without explanatory boxes or post-it notes. I removed the notes. I do not know what you mean by explanatory boxes. Maybe you mean the ajax windows to edit the user/team permissions. Those windows are 50% of the feature. Do you want views without the interactions? -- __Curtis C. Hovey_________ http://launchpad.net/
Attachment:
disclosure-listiing-add-overlay.png
Description: PNG image
Attachment:
disclosure-listiing-all-users-view.png
Description: PNG image
Attachment:
disclosure-listiing-view.png
Description: PNG image
Attachment:
disclosure-project-index.png
Description: PNG image
Attachment:
disclosure-team-full-view.png
Description: PNG image
Attachment:
disclosure-team-partial-view.png
Description: PNG image
Attachment:
disclosure-user-partial-view.png
Description: PNG image
Attachment:
signature.asc
Description: This is a digitally signed message part
| Thread Previous • Date Previous • Date Next • Thread Next |
