Feature #6442

Updated by Tom Clegg about 5 years ago

This is similar to the "get a link to share" feature that's already available for collections, but the shareable link does not necessarily[1] have an additional secret part: it could be just the project UUID.

It would have a toggle switch, presumably under the "Sharing" tab:
* Private - only people listed below can view
* Open - anyone with the link can view

(It may be less confusing to present the "Anonymous users" ("public") sharing option as a third choice here, rather than offering it as one of the selectable groups.)

One implementation challenge (compared to the collection case) is that either:
* the browser/session[2] must remember the secret (whether or not it's just the shared project's UUID) -- and communicate it to Workbench when viewing an object _inside_ the project, like a subproject or collection; or
* API server must automatically apply "secret is just UUID" permission -- but this requires opening the permission model such that any UUID of _any object inside the shared project_ would effectively grant read access to the project, and this could cause unexpected sharing: if object X is moved from semi-secret project A to semi-secret project B, anyone who bookmarked X when it was in A would now also have permission to see B.

fn1. Both "secret part needed" and "no secret part needed" variants have their benefits and drawbacks. It's not clear right now whether one is more urgently desired than the other.

fn2. File download links would require some machinations, too.

Back