Updated by Niels Lindenthal over 1 year ago
**User story**
**As an** OpenProject Administrator
**I want to** set the permissions (read-only, edit, none) of each project attribute in the Administration
**So that I** can ensure the "need-to-know principle". This means the users can get the information they need - but only the information they need.
**Acceptance criteria**
* In _Administration_ -> _Projects_ -> _Project attributes_ -> <_Attribute A_> there is a section "Permissions" (similar to the "Participants" section in the meetings view).
  * Example:
    * Project role A (read-only)
    * Project role D (edit)
* In _Administration_ -> _Users and permissions_ there is another menu entry "_Permissions project attributes_" showing a two-dimensional permissions table that gives an overview of all project attributes.
* The permissions are enforced in all relevant views:
  * Project overview
  * Project list
  * API
**Permission matrix example**
| | Attribute A | Attribute B |
|---|---|---|
| **Project Roles** | | |
| Project Admin | edit | edit |
| Project Member | read-only | edit |
| Project Reader | none | read-only |
| [...] | | |
| **Global roles** | | |
| Anonymous | none | none |
| Non-member | read-only | none |
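The permission matrix above, evaluated as a default-deny lookup on the read, write and filter paths. This is an added sketch, not OpenProject code: all method and constant names are hypothetical, and it assumes that the most permissive level wins when a user holds several roles, which the page does not specify.

```ruby
# Added example; not OpenProject code. All names here are hypothetical.
# Levels are ordered so the most permissive grant wins when a user holds
# several roles (an assumption; the page does not define this).
LEVELS = { none: 0, read_only: 1, edit: 2 }.freeze

# The permission matrix from the table above, keyed role -> attribute.
MATRIX = {
  "Project Admin"  => { "Attribute A" => :edit,      "Attribute B" => :edit },
  "Project Member" => { "Attribute A" => :read_only, "Attribute B" => :edit },
  "Project Reader" => { "Attribute A" => :none,      "Attribute B" => :read_only },
  "Anonymous"      => { "Attribute A" => :none,      "Attribute B" => :none },
  "Non-member"     => { "Attribute A" => :read_only, "Attribute B" => :none }
}.freeze

# Default deny: unknown roles, unknown attributes and an empty role list
# all resolve to :none.
def effective_level(roles, attribute)
  roles.map { |role| MATRIX.dig(role, attribute) || :none }
       .max_by { |level| LEVELS.fetch(level) } || :none
end

# Read path (project overview, project list, API): drop hidden attributes.
def visible_attributes(roles, attributes)
  attributes.reject { |name, _| effective_level(roles, name) == :none }
end

# Write path: apply only editable attributes and report the rest, so a
# read-only or hidden attribute cannot be changed through the API.
def apply_update(roles, current, changes)
  allowed, rejected = changes.partition do |name, _|
    effective_level(roles, name) == :edit
  end
  [current.merge(allowed.to_h), rejected.map(&:first)]
end

# Project-list filters follow the same rule; filtering on a hidden
# attribute would reveal its value through which projects match.
def filterable?(roles, attribute)
  effective_level(roles, attribute) != :none
end

# Constructed sample project attribute values.
PROJECT = { "Attribute A" => "budget 120k", "Attribute B" => "phase 2" }.freeze
```
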
**Complexity Analysis**
* Introduction of mapping of Project attributes <-> role, permissions data structure (5 - 20 PD)
* Admin UI for roles (8 - 12 PD)
  * This excludes the "bulk edit" functionality, as it becomes too large/impractical very quickly depending on the roles
* Adapt Project dashboard and API for new visibility checks using the new mapping (5 - 25 PD)
* Adapt columns and filters in project lists now that some of the attributes or their values are no longer selectable (10 - 30 PD)
* Open: How to deal with visible attribute in field (Probably remove it) (2 - 4 PD)
* Change validation mechanisms so users can still edit attributes without causing validations on e.g., other required custom fields (10 - 30 PD)
**Open**
* Migrations
* How to handle a very large number of roles and attributes in one table. We might need some filtering later.
* Sections: Will they be hidden or visible when no project attribute is visible?
**Figma**
https://www.figma.com/file/Ya9Xz4HvWCzOmM64qfvGPm/Projects-attributes-and-project-settings?type=design&node-id=1563-20879&mode=design