Project

General

Profile

Actions

Feature #19146

closed

Return can_manage and can_write alongside writable_by

Added by Peter Amstutz over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
API
Target version:
Story points:
-
Release relationship:
Auto

Description

To correctly determine whether to display actions for sharing and project freezing in workbench, we need to know if a user has "can_manage" permission.

Proposal:

If the current user has can_manage permission to an object, the response includes a "can_manage: true" boolean field.

In addition, introduce a "can_write" boolean field.

The "writable_by" field is simplified to only include the user uuid if the user can_write, and be empty otherwise. This field will be considered deprecated. Add a configuration option to restore the original writable_by behavior which is default false, with a deprecation note.

In the case of a frozen project that the user owns, we expect the "can_write" field to be false, but the "can_manage" field to me true. Workbench is responsible for checking "can_write" for modification operations and "can_manage" for permission operations.


Subtasks 1 (0 open1 closed)

Task #19156: Review 19146-can-write-manageResolvedPeter Amstutz06/07/2022Actions

Related issues 5 (3 open2 closed)

Related to Arvados - Feature #18692: Frozen projects workbench supportResolvedDaniel KutyƂa05/19/2022Actions
Related to Arvados Epics - Idea #18390: Frozen projectsResolved03/01/202207/31/2022Actions
Related to Arvados - Feature #19194: Return can_manage and can_write for all object types (not just users/groups/projects)NewActions
Related to Arvados - Feature #19196: Allow API select parameter to add/remove fields from the default setNewActions
Related to Arvados - Feature #19197: Optimize permission checks for can_write/can_manage fieldsNewActions
Actions

Also available in: Atom PDF