Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/global sharing #2929

Closed
wants to merge 17 commits into from
Closed

Conversation

rkboyce
Copy link
Contributor

@rkboyce rkboyce commented Apr 23, 2024

This is a draft pull request that shows a test implementation of the enhancement described in this Atlas ticket .

Here is a video of the functionality

This changes in the draft pull request implement the general functionality needed in the configure-access-modal and show the role dependent visibility of the lock icon for the concept set and cohort definition managers. The final pull request will apply the latter to all relevant sub-apps in Atlas.

…ranting write access to a global shared artifact reader role that would be given to all users. Next steps are to 1) make this configurable, 2) allow users to configure the global author role if they want only some users to be able to grant global read access, and 3) set up global read role for all users as a default assigned system role
…'public' role since this would remove the need to change WebAPI to add a new system role that pretty much duplicates 'public'
Copy link

@pieterlukasse pieterlukasse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @rkboyce ! Please see two small comment improvements and one question below.

…rt to only persons who have been granted permission to change the same cohort.
@pieterlukasse
Copy link

thanks for merging in my proposed changes @rkboyce 👍
You can mark all my comments above as resolved.

pieterlukasse and others added 2 commits May 17, 2024 14:28
...to better reflect its real purpose
fix: adjust permission name to "artifact:global:share:put"
@pieterlukasse
Copy link

@rkboyce FYI - I found one issue in this solution where the "lock icon" only appears to the owner of the cohort definition, regardless of our global sharing configuration. I am trying to work around this (see this commit uc-cdis@b8fa939 added to uc-cdis#47). However, this seems to reveal some more issues. Please take a look and let me know if you're able to reproduce it as well.

@chrisknoll
Copy link
Collaborator

@rkboyce FYI - I found one issue in this solution where the "lock icon" only appears to the owner of the cohort definition, regardless of our global sharing configuration. I am trying to work around this (see this commit uc-cdis@b8fa939 added to uc-cdis#47). However, this seems to reveal some more issues. Please take a look and let me know if you're able to reproduce it as well.

I think that's correct: I think the current decision is that only owner can control access to an asset. I don't think that this is documented, but I can't recall anything about permissions that are granted that grant permissions to control access rights. Apologies if I am mistaken.

@pieterlukasse
Copy link

pieterlukasse commented May 23, 2024

thanks @chrisknoll . I found the PR where this was introduced: OHDSI/WebAPI#1273
This is the endpoint that is called when the permissions modal UI is opened: AtlasSecurity.java - Line214
In my case, the call WebAPI/permission/access/COHORT_DEFINITION/445/READ returns 403 (probably from here).

The PR mentioned above, introduced a new PermissionController.java and a PermissionService.java.
@rkboyce let's discuss with the business today and see if they are OK with this restriction.

@pieterlukasse
Copy link

This might actually work as a solution for now, based on our current "teamproject" WebAPI code: https://github.com/uc-cdis/WebAPI/pull/137/files

@pieterlukasse
Copy link

pieterlukasse commented May 23, 2024

This might actually work as a solution for now, based on our current "teamproject" WebAPI code: https://github.com/uc-cdis/WebAPI/pull/137/files

update: this solution works and allows me to share a cohort created by someone else in my team. Let me know what you think!

pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 23, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 24, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 24, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 31, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 31, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 31, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request May 31, 2024
@pieterlukasse
Copy link

@rkboyce please merge in vinci-ohdsi#7 and then I think this PR is go (for testing phase).

rkboyce and others added 4 commits September 2, 2024 08:16
...previous name isPermittedGlobalShareCohort did not reflect the
fact that it is about all kind of artifacts
Fix: better name for isPermittedGlobalShareArtifact
@rkboyce
Copy link
Contributor Author

rkboyce commented Sep 16, 2024

I think that we have completed the testing and discussion for this feature. I am closing the draft pull request and opening an actual one.

@rkboyce rkboyce closed this Sep 16, 2024
pieterlukasse added a commit to uc-cdis/Atlas that referenced this pull request Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants