Project

General

Profile

Actions

Feature #6442

closed

[Workbench] [API] Support "world-readable, but not world-searchable" permission on projects: "anyone with the link can view"

Added by Tom Clegg over 9 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assigned To:
-
Category:
Workbench
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

This is similar to the "get a link to share" feature that's already available for collections, but the shareable link does not necessarily1 have an additional secret part: it could be just the project UUID.

It would have a toggle switch, presumably under the "Sharing" tab:
  • Private - only people listed below can view
  • Open - anyone with the link can view

(It may be less confusing to present the "Anonymous users" ("public") sharing option as a third choice here, rather than offering it as one of the selectable groups.)

One implementation challenge (compared to the collection case) is that either:
  • the browser/session2 must remember the secret (whether or not it's just the shared project's UUID) -- and communicate it to Workbench when viewing an object inside the project, like a subproject or collection; or
  • API server must automatically apply "secret is just UUID" permission -- but this requires opening the permission model such that any UUID of any object inside the shared project would effectively grant read access to the project, and this could cause unexpected sharing: if object X is moved from semi-secret project A to semi-secret project B, anyone who bookmarked X when it was in A would now also have permission to see B.

1 Both "secret part needed" and "no secret part needed" variants have their benefits and drawbacks. It's not clear right now whether one is more urgently desired than the other.

2 File download links would require some machinations, too.

Actions

Also available in: Atom PDF