Privilege dialog - DLR-SC/DataFinder GitHub Wiki

Specification on Launchpad

Use Cases

  • Definition of privileges for files and directories (referred to as "item").
    • A privilege definition should be bound to a specific item.
    • A privilege definition should be definable for a specific user or group of users (referred to as "principal").
    • A privilege definition should consist of multiple principal entries.
    • Three kinds of privileges should be supported:
      • Item specific (none, read, write, full) for accessing item content.
      • Property specific (none, read, write, full) for accessing item properties.
      • Administration specific (none, read, write, full) for accessing item privileges.
  • The order of principal entries should be changeable.
  • Inherited privileges should be displayed.
  • An "edit inherited privilege definition" feature should be available.
  • Principal entry should be removable.
    • Single and multiple removals should be supported.
  • Principals should be searchable using the specific principal search support feature of the underlying file system.
    • Add filters for users and groups.

Constraints

  • The privilege dialog is only available for file systems that provide privilege support AND principal search support. If either feature is missing, the corresponding context menu entry should be disabled.

Solution Approach

All In One

The following figure shows the privilege dialog which integrates the principal search with privilege definition. The right table only contains directly defined privilege entries. The different privilege types should be selected in the table cells using combination boxes.

The next figure shows the read-only view of the inherited privileges. If a privilege entry is selected the corresponding directory gets selected in the path view. When pressing the "Edit" button the privilege dialog is loaded with privilege information of the currently selected directory. The "Edit" button will be de-activated if the user cannot change these privilege details.
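The data behind this dialog and the inherited view can be modelled as follows. This is an added example, not DataFinder code: the names `Level`, `PrincipalEntry` and `PrivilegeStore`, the ordering of the levels, and the rule that the first matching principal entry decides whether "Edit" is enabled are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from posixpath import dirname

class Level(IntEnum):  # assumed ordering: each level includes the lower ones
    NONE = 0
    READ = 1
    WRITE = 2
    FULL = 3

@dataclass(frozen=True)
class PrincipalEntry:
    principal: str         # user or group name
    content: Level         # item specific: access to item content
    properties: Level      # property specific: access to item properties
    administration: Level  # administration specific: access to item privileges

@dataclass
class PrivilegeStore:
    # item path -> ordered principal entries defined directly on that item
    definitions: dict = field(default_factory=dict)

    def inherited(self, item):
        """Rows of the read-only view: (defining directory, entry), nearest first."""
        rows, path = [], item
        while path != "/":
            path = dirname(path)
            rows += [(path, e) for e in self.definitions.get(path, [])]
        return rows

    def can_edit(self, item, principals):
        """Assumed rule: the first entry naming the user or one of their groups
        decides; "Edit" needs at least WRITE on the administration privilege."""
        for entry in self.definitions.get(item, []):
            if entry.principal in principals:
                return entry.administration >= Level.WRITE
        return False  # no matching entry: keep the button de-activated

def build_sample():
    """Constructed sample data, not taken from a real repository."""
    L = Level
    store = PrivilegeStore()
    store.definitions["/"] = [PrincipalEntry("admins", L.FULL, L.FULL, L.FULL)]
    store.definitions["/projects"] = [
        PrincipalEntry("alice", L.WRITE, L.WRITE, L.WRITE),
        PrincipalEntry("staff", L.READ, L.READ, L.NONE)]
    store.definitions["/projects/report.txt"] = [
        PrincipalEntry("bob", L.WRITE, L.READ, L.NONE)]
    return store
```

Under the assumed first-match rule, reordering the entries on `/projects` changes the outcome for a user who is both `alice` and a member of `staff`, which is why the order of principal entries matters in the dialog.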

Separated Principal Search

In this approach the principal search feature is put into a separate dialog, which is shown in the following figure. Selected principals are added by using the "OK" button (dialog is closed) or the "Apply" button (dialog remains open).

The following dialog shows the adapted privilege dialog. If you use the "Add" button a new entry will be added and the principal search dialog is automatically opened. If you edit an existing principal you also get the principal search dialog.

Simplified Interface

In this approach you see all privilege entries (inherited too, ordered by definition) in the right table. When you select an entry, the corresponding item is selected in the path view. The "Add" button adds a privilege entry for the currently selected item. The advantage here is that you can directly change all privilege entries (at the cost of slightly increased implementation effort, because different items have to be handled, not just one). Maybe we should add a "Filter" button which just shows the privileges of the currently selected item (?).