Bug #3573

[Workbench] When showing a shared project, do not include "Home" in breadcrumbs.

Added by Tom Clegg about 5 years ago. Updated about 4 years ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
0.5

Related issues

Related to Arvados - Bug #6234: [Workbench] Admins should be able to edit their own user records, and view other users' home projects" from titleResolved06/10/2015

Has duplicate Arvados - Bug #3588: [Workbench] When looking at a project shared with you (but not owned by you), the breadcrumbs still indicate it is under your "Home" project.Duplicate

History

#1 Updated by Tom Clegg over 4 years ago

  • Target version set to Arvados Future Sprints

#2 Updated by Tom Clegg about 4 years ago

Updated version after meeting:

Given the following ownership hierarchy, where A <--- B signifies "B.owner_uuid==A.uuid":

system_user <--- user_A <--- project_A_shared
            <--- user_B <--- project_B_shared
            <--- user_C <--- project_C_shared
            <--- user_D <--- project_D_private <--- project_D_shared <--- project_D2_shared
            <--- user_I <--- project_I_private

And assuming:
  • I am user_I
  • I can read user_A and user_A's home project contents (e.g., I administer a group that user_A belongs to)
  • I can read user_B (e.g., we are members of the same organizational group) but I cannot read user_B's home project
  • I cannot read user_C at all (which implies I cannot read user_C's home project)
When I view... Breadcrumbs look like... Notes
my own home project Home (user_I) Home (<%= user_I.friendly_link_name %>)
project_I_private Home (user_I) → project_I_private
user_A's home project Home (user_A) The only reason I see user_A's name in breadcrumbs is that it's part of the name of a project I can click/view.
project_A_shared Home (user_A) → project_A_shared (ditto)
project_B_shared Shared projects → project_B_shared "Shared projects" is just that literal string, and isn't clickable.
This is what "other people's projects" look like to regular (non-sysadmin, non-group-admin) users.
project_C_shared Shared projects → project_C_shared
project_D_shared Shared projects → project_D_shared
project_D2_shared Shared projects → project_D_shared → project_D2_shared

If a non-project group appears in the ownership chain, display it but don't make it clickable. (Or, alternatively, confirm this situation is prevented by API server validations.)

Implementation

The distinctions between the various cases aren't about whether a given "owner" object is current_user, but rather whether current_user can view that object as a project. In practice this is true IFF
  • the owner is a group object which can be fetched, or
  • the owner is a user object for which we can call arvados.v1.groups.contents (calling it with limit=0 might be the best way to check this).

Also available in: Atom PDF