launchpad-dev team mailing list archive

Thread
Date

Disclosure project questions (mainly for product folks)

To: Launchpad Community Development Team <launchpad-dev@xxxxxxxxxxxxxxxxxxx>
From: Ian Booth <ian.booth@xxxxxxxxxxxxx>
Date: Wed, 11 Apr 2012 21:59:49 +1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120402 Thunderbird/11.0.1

Hi

Here's some current info about what we're currently doing or have done
for the disclosure project. This info is mainly intended for the product
folks / project stakeholders so they can provide any necessary feedback,
but others may also be somewhat interested as well. Ina nutshell we are
seeking clarification on stuff that has been done in the
pre-implementation mockups and implemented so far.

1. Display of All vs Some sharing permissions

The Sharing Information page shows, for each user, what level of sharing
they have for each information type. Also for each user is a column
called "Shared Items". This column either displays:

1. The text "No items shared through subscriptions."
or
2. A "View shared items" link to the user's sharing details page.

If a user has been granted only All access to any information types,
then option #1 above is displayed. If a user has been given access to
Some any information types, then option #2 is displayed. Examples:

User Data: All  -> option #1
Embargoed Security: All, User Data: All  -> option #1
Embargoed Security: Some, User Data: All  -> option #2
Embargoed Security: Some -> option #2

For times when the link to the details page is shown, the user is able
to click though to see what specific bugs or branches have been
explicitly shared. ie the user only has access to these specific
artfacts (hence Some) but not All artifacts.

It could be argued that this approach is misleading, since if for
example Embargoed Security: All is shown, and the text says "No items
shared through subscriptions.", it may not be obvious or clear that the
user can actually see any Embargoed Security artifacts even if they are
not explicitly subscribed to them. It's just that since the permission
is All, we do not list them. Such a user may in fact be subscribed to
some artifacts, but this is masked by the All permission and when the
permission is changed to Some, the text is replaced by the link to the
details page. Is this behaviour ok? Should we look at re-wording the text?

2. Revoking access

When a user is to have their access to artifacts of a particular
information type revoked, the popup is used to change the permission to
Nothing. What happens server side is:

- any access policy grants are removed (think All permissions)
- any artifact grants are removed (think Some permissions)

The above only removes the grants. Any actual subscriptions to the
artifacts are retained. This allows a mistake to be corrected by setting
the permission back to Some and the originally visible artifacts will
still be there.

Do we want or need to provide a revocation option "Share nothing and
remove all subscriptions as well"?

Follow ups

Re: Disclosure project questions (mainly for product folks)
From: Robert Collins, 2012-04-12