Revamp Sharing dialog to show access via ownership
The current Workbench 2 Sharing dialog tries to distill sharing into three different levels: "Public" (shared with all users), "Shared" (has some sharing links), and "Private" (has no sharing links). This confuses users because it doesn't map well to Arvados' permission model:
- "Public" isn't a good description for most clusters, which are private
- "Private" is often misleading since many users may have access to the object via the ownership chain
Proposed Sharing Dialog
Rather than trying to reduce the presence of specific sharing links to high-level "visibility" values, this dialog would be both more useful and more accurate if it gave a complete view of everyone who could access the object, and let users manipulate sharing links directly from that list.
The core of the sharing dialog should be a list of users and groups who can access the item, in this format:
[user/group icon] [user/group name] [access level, with pulldown selector for sharing links] [delete icon]
When you open the Sharing dialog, Workbench 2 should query both the ownership chain and the existing sharing links to fill out this list. It should query the ownership chain all the way up to the root user or group, and list all users and groups who have access to read/write/manage any project in the ownership chain.
Users and groups who can access the item through the ownership chain should be listed with the highest level of access they have. Each user/group should be listed only once. Their access level should not be editable, and their delete icon should be grayed out, with a tooltip that explains "This user/group has access to this item via ownership."
Users and groups who can access the item through sharing links should be listed with their permission level as now. If the current user has manage permission on this object, they should be able to edit the permission level and delete the sharing link as now. If they do not have manage permission on this object, the delete icon should be grayed out, with a tooltip that explains "You do not have permission to manage how this item is shared." (I think it's important to use the word "manage" to tie it to our "can_manage" permission level.)
Below this list, if the current user can manage the current item, there is a line to let the user create a sharing link by selecting a user and permission level for them. This line can work as it does now.
All changes made to sharing links should happen as soon as they're confirmed by the user. There is no separate "Save Changes" button in the sharing dialog, just a "Close" button.
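The row-building rules described above, sketched as an added example that is not Workbench 2 code: it merges an already-fetched ownership chain and the item's sharing links into the list the dialog would render. The types, function names and sample data are assumptions made for illustration, and a principal with both kinds of access gets one row of each kind, which the ticket does not specify.

```typescript
// Added example: all names and data here are constructed for illustration.
type Level = "can_read" | "can_write" | "can_manage";
const RANK: Record<Level, number> = { can_read: 1, can_write: 2, can_manage: 3 };

interface Grant { principal: string; level: Level; }
interface ChainNode { uuid: string; grants: Grant[]; } // one project in the ownership chain
interface Row {
  principal: string;
  level: Level;
  via: "ownership" | "sharing link";
  editable: boolean; // false means a fixed level and a grayed-out delete icon
  tooltip: string;
}

const OWNERSHIP_TIP = "This user/group has access to this item via ownership.";
const NO_MANAGE_TIP = "You do not have permission to manage how this item is shared.";

function buildSharingRows(chain: ChainNode[], links: Grant[], canManage: boolean): Row[] {
  const rows: Row[] = [];
  const byPrincipal: Record<string, Row> = Object.create(null);
  // Ownership chain: one row per principal, keeping the highest level seen.
  for (const node of chain) {
    for (const g of node.grants) {
      const seen: Row | undefined = byPrincipal[g.principal];
      if (seen === undefined) {
        const row: Row = { principal: g.principal, level: g.level, via: "ownership", editable: false, tooltip: OWNERSHIP_TIP };
        byPrincipal[g.principal] = row;
        rows.push(row);
      } else if (RANK[g.level] > RANK[seen.level]) {
        seen.level = g.level;
      }
    }
  }
  // Sharing links: editable only when the current user has manage permission.
  for (const l of links) {
    rows.push({ principal: l.principal, level: l.level, via: "sharing link", editable: canManage, tooltip: canManage ? "" : NO_MANAGE_TIP });
  }
  return rows;
}

// Constructed sample: the item's parent project, then the top-level project.
const SAMPLE_CHAIN: ChainNode[] = [
  { uuid: "child-project", grants: [{ principal: "alice", level: "can_read" }] },
  { uuid: "top-project", grants: [{ principal: "alice", level: "can_manage" }, { principal: "lab-group", level: "can_write" }] },
];
const SAMPLE_LINKS: Grant[] = [{ principal: "bob", level: "can_read" }];

function summarize(rows: Row[]): string {
  return rows.map((r: Row): string => r.principal + ":" + r.level + ":" + r.via + ":" + r.editable).join(", ");
}
```

In the sample, alice appears once at can_manage even though her nearer grant is only can_read, which is the access a "Private" label would have hidden.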
These are things that I think we will want eventually, but I think we can merge a first version without them. If this gets done, we should make separate follow-up tickets for these as needed.
It is okay, and probably preferable, if Workbench 2 loads the ownership chain, and builds this list, progressively when the dialog is open. Because of that, I think we can leave ordering and sorting as a later improvement. I'm guessing eventually we will want to let the user sort by name/username/email/permission level.
We might also want a filter to only show sharing links/only show who has access via ownership.
It would be nice to provide a "Remove all sharing" button. The confirmation dialog should list all the object's sharing links and levels as the main dialog does, with text like "You are about to remove the following access to this object: [list] [Cancel button] ['Revoke this access' button]"