[ARVADOS] updated: 5596c93b7938d6c6758a93a0e33cf4a5c185c445
git at public.curoverse.com
git at public.curoverse.com
Mon Aug 25 20:34:09 EDT 2014
Summary of changes:
.../app/assets/javascripts/permission_toggle.js | 55 ++++++++++
.../app/views/projects/_show_sharing.html.erb | 2 +-
.../workbench/app/views/users/_show_admin.html.erb | 115 ++++++++++++++++++---
doc/api/permission-model.html.textile.liquid | 4 +-
services/api/Gemfile.lock | 6 +-
5 files changed, 163 insertions(+), 19 deletions(-)
create mode 100644 apps/workbench/app/assets/javascripts/permission_toggle.js
via 5596c93b7938d6c6758a93a0e33cf4a5c185c445 (commit)
via 437725d13f8775b29ad3e279a07b0bd4b7f8d098 (commit)
via 8516f7a534565d077a1008eefff05a70f0a4eeea (commit)
via 050e18ef86f2cb16f2ae981be8b4123ad8e08697 (commit)
from 3c54f04e5509dc041f526c70f1a396617cfc8644 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 5596c93b7938d6c6758a93a0e33cf4a5c185c445
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Aug 25 20:34:00 2014 -0400
Update Gemfile.lock. refs #3405
diff --git a/services/api/Gemfile.lock b/services/api/Gemfile.lock
index d27f2bf..0a9b3c8 100644
--- a/services/api/Gemfile.lock
+++ b/services/api/Gemfile.lock
@@ -35,13 +35,13 @@ GEM
addressable (2.3.6)
andand (1.3.3)
arel (3.0.3)
- arvados (0.1.20140812162850)
+ arvados (0.1.20140825141611)
activesupport (>= 3.2.13)
andand
google-api-client (~> 0.6.3)
json (>= 1.7.7)
jwt (>= 0.1.5, < 1.0.0)
- arvados-cli (0.1.20140812162850)
+ arvados-cli (0.1.20140825141611)
activesupport (~> 3.2, >= 3.2.13)
andand (~> 1.3, >= 1.3.3)
arvados (~> 0.1.0)
@@ -130,7 +130,7 @@ GEM
jwt (~> 0.1.4)
multi_json (~> 1.0)
rack (~> 1.2)
- oj (2.10.0)
+ oj (2.10.2)
omniauth (1.1.1)
hashie (~> 1.2)
rack
commit 437725d13f8775b29ad3e279a07b0bd4b7f8d098
Merge: 3c54f04 8516f7a
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Aug 25 20:24:56 2014 -0400
Merge branch '3171-admin-groups' closes #3171
commit 8516f7a534565d077a1008eefff05a70f0a4eeea
Author: Tom Clegg <tom at curoverse.com>
Date: Mon Aug 25 14:12:37 2014 -0400
3171: Fix wording, update docs.
diff --git a/apps/workbench/app/views/users/_show_admin.html.erb b/apps/workbench/app/views/users/_show_admin.html.erb
index 8d54950..4c76ede 100644
--- a/apps/workbench/app/views/users/_show_admin.html.erb
+++ b/apps/workbench/app/views/users/_show_admin.html.erb
@@ -35,15 +35,15 @@
<div class="col-md-6">
<div class="panel panel-default">
<div class="panel-heading">
- Groups
+ Group memberships
</div>
<div class="panel-body">
<div class="alert alert-info">
- A <i>permitted</i> user <i>has all permissions</i> available to the group.
+ <b>Tip:</b> in most cases, you want <i>both permissions at once</i> for a given group.
<br/>
- A <i>member</i> user <i>is visible to</i> everyone else who can see the group.
+ The user→group permission is can_manage.
<br/>
- (Tip: in most cases, you don't want one without the other.)
+ The group→user permission is can_read.
</div>
<form>
<% permitted_group_perms = {}
@@ -69,7 +69,7 @@
data: {
permission_head: group.uuid,
permission_uuid: permitted_group_perms[group.uuid]}) %>
- permitted
+ <small>user→group</small>
</label>
<label class="checkbox-inline" data-toggle-permission="true" data-permission-head="<%= @object.uuid %>" data-permission-name="can_read">
<%= check_box_tag(
@@ -80,7 +80,7 @@
data: {
permission_tail: group.uuid,
permission_uuid: member_group_perms[group.uuid]}) %>
- member
+ <small>group→user</small>
</label>
<label class="checkbox-inline">
<%= group.name || '(unnamed)' %> <span class="deemphasize">(owned by <%= User.find(group.owner_uuid).andand.full_name %>)</span>
diff --git a/doc/api/permission-model.html.textile.liquid b/doc/api/permission-model.html.textile.liquid
index bdfdbd7..8b085ee 100644
--- a/doc/api/permission-model.html.textile.liquid
+++ b/doc/api/permission-model.html.textile.liquid
@@ -15,9 +15,11 @@ Each API transaction (read, write, create, etc.) is done on behalf of a person.
A user (person) is permitted to act on an object if there is a path (series of permission Links) from the acting user to the object in which
-* Every intervening object is a Group or a User, and
+* Every intervening object is a Group, and
* Every intervening permission Link allows the current action
+Special case: A permission path can also include intervening User objects if the links _to_ the Users are "can_manage" links.
+
Each object has exactly one _owner_, which can be either a User or a Group.
* If the owner of X is A, then A is permitted to do any action on X.
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list