Bug #3573


[Workbench] When showing a shared project, do not include "Home" in breadcrumbs.

Added by Tom Clegg almost 10 years ago. Updated 2 months ago.

Assigned To:
Target version:
Story points:

Related issues

Related to Arvados - Bug #6234: [Workbench] Admins should be able to edit their own user records, and view other users' home projects" from titleResolvedRadhika Chippada06/10/2015Actions
Has duplicate Arvados - Bug #3588: [Workbench] When looking at a project shared with you (but not owned by you), the breadcrumbs still indicate it is under your "Home" project.DuplicateActions
Actions #1

Updated by Tom Clegg over 9 years ago

  • Target version set to Arvados Future Sprints
Actions #2

Updated by Tom Clegg about 9 years ago

Updated version after meeting:

Given the following ownership hierarchy, where A <--- B signifies "B.owner_uuid==A.uuid":

system_user <--- user_A <--- project_A_shared
            <--- user_B <--- project_B_shared
            <--- user_C <--- project_C_shared
            <--- user_D <--- project_D_private <--- project_D_shared <--- project_D2_shared
            <--- user_I <--- project_I_private

And assuming:
  • I am user_I
  • I can read user_A and user_A's home project contents (e.g., I administer a group that user_A belongs to)
  • I can read user_B (e.g., we are members of the same organizational group) but I cannot read user_B's home project
  • I cannot read user_C at all (which implies I cannot read user_C's home project)
When I view... Breadcrumbs look like... Notes
my own home project Home (user_I) Home (<%= user_I.friendly_link_name %>)
project_I_private Home (user_I) → project_I_private
user_A's home project Home (user_A) The only reason I see user_A's name in breadcrumbs is that it's part of the name of a project I can click/view.
project_A_shared Home (user_A) → project_A_shared (ditto)
project_B_shared Shared projects → project_B_shared "Shared projects" is just that literal string, and isn't clickable.
This is what "other people's projects" look like to regular (non-sysadmin, non-group-admin) users.
project_C_shared Shared projects → project_C_shared
project_D_shared Shared projects → project_D_shared
project_D2_shared Shared projects → project_D_shared → project_D2_shared

If a non-project group appears in the ownership chain, display it but don't make it clickable. (Or, alternatively, confirm this situation is prevented by API server validations.)


The distinctions between the various cases aren't about whether a given "owner" object is current_user, but rather whether current_user can view that object as a project. In practice this is true IFF
  • the owner is a group object which can be fetched, or
  • the owner is a user object for which we can call arvados.v1.groups.contents (calling it with limit=0 might be the best way to check this).
Actions #3

Updated by Ward Vandewege about 3 years ago

  • Target version deleted (Arvados Future Sprints)
Actions #4

Updated by Peter Amstutz over 1 year ago

  • Release set to 60
Actions #5

Updated by Peter Amstutz 5 months ago

  • Target version set to Future
Actions #6

Updated by Peter Amstutz 2 months ago

  • Release deleted (60)
  • Target version deleted (Future)
  • Status changed from New to Closed

Also available in: Atom PDF