Changeset 5792


Ignore:
Timestamp:
Oct 7, 2011, 1:14:11 PM (10 years ago)
Author:
Nicklas Nordborg
Message:

References #1590: Documentation cleanup

New and updated screenshots for chapter 6 "Projects and the permission system".

Location:
trunk
Files:
2 added
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/doc/src/docbook/user/project_permission.xml

    r5782 r5792  
    3535        between users while protecting all data against unauthorized
    3636        access or modification. To make this possible an elaborate
    37         permission system has been developed that allows an user to
     37        permission system has been developed that allows a user to
    3838        specify exactly the permission to give to other users and at the
    3939        same time makes it easy to handle the permissions of multiple
     
    167167          <listitem>
    168168            <para>
    169             Check if you are the root user. The root user has full
     169            Check if you are the <emphasis>root user</emphasis>. The root user has full
    170170            permission to everything and the permission check stops here.
    171171            </para>
     
    174174          <listitem>
    175175            <para>
    176             Check if you are a member of a role that gives you access to the
     176            Check if you are a <emphasis>member of a role</emphasis> that gives you access to the
    177177            item. Role-based permissions can only be specified based on
    178178            generic item types and is valid for all items of that type.
    179179            The role-based permissions also include a special deny permission
    180             that can prevents a user from accessing any item. In that case,
     180            that prevents a user from accessing any item. In that case,
    181181            the permission check stops here.
    182182            </para>
     
    185185          <listitem>
    186186            <para>
    187             Check if you are the owner of the item. As the owner you have full
    188             permission to the item and the permission check stops here.
     187            Check if you are the <emphasis>owner of the item</emphasis>. As the owner you have full
     188            permission to the item and the permission check stops here. This step is not done
     189            for items that doesn't have an owner.
    189190            </para>
    190191          </listitem>
     
    193194            <para>
    194195            Check if you have been granted access to the item by the
    195             sharing system (cf. <xref linkend="webclient.items.share"/>).
     196            <emphasis>sharing system</emphasis> (cf. <xref linkend="webclient.items.share"/>).
    196197            The sharing system can grant access to individual users, groups of
    197198            users and to projects. We recommend that you always use projects
    198             to share your items.
     199            to share your items. This step is not done for items that can't be shared.
    199200            </para>
    200201          </listitem>
     
    209210              <listitem>
    210211                <para>
    211                 News: You always have read access to news if today's date
     212                <guilabel>News</guilabel>: You always have read access to news if today's date
    212213                falls between the start and end date of the news item.
    213214                </para>
     
    216217              <listitem>
    217218                <para>
    218                 Groups: You have read access to all groups where you
     219                <guilabel>Groups</guilabel>: You have read access to all groups where you
    219220                are a member.
    220221                </para>
     
    223224              <listitem>
    224225                <para>
    225                 Users: You have read permission to all users that share group
     226                <guilabel>Users</guilabel>: You have read permission to all users that share group
    226227                membership with, excluding the <emphasis>Everyone</emphasis> group.
    227228                When a project is active, you also have read permission to all
     
    249250          may also have permissions of their own. The default is that
    250251          plug-ins run with the same permissions as the user that invoked
    251           the plug-in has. Sometimes this can be seen as a security risk
     252          the plug-in. Sometimes this can be seen as a security risk
    252253          if the plug-in is not trusted. A malicious plug-in can, for example,
    253254          delete the entire database if invoked by the root user.
     
    258259          permissions that is required to complete it's task. If the plug-in
    259260          permission system is enabled for a plug-in the default is to deny
    260           all actions. Then, the administrator can give the plug-in the same
    261           permissions as listed above. There is one additional twist to
    262           the plug-in permission system. A permission can be granted regardless
    263           of if the user that invoked the plug-in had the permission or not, or
    264           a permission can be granted only if the user also has the permission.
    265           The first case makes it possible to develop a plug-in that allows
    266           users to do things that they normally do not have permission to do.
    267           The second case is the same as not using the plug-in permission system,
    268           except that unspecified permissions are always denied when the
    269           plug-in permission system is used.
    270         </para>
    271        
     261          all actions. Then, the administrator must assign permissions to
     262          the plug-in. There are two variants:
     263        </para>
     264       
     265        <itemizedlist>
     266          <listitem>
     267            <para>
     268            A permission can be granted regardless of if the user that invoked
     269            the plug-in had the permission or not. This makes it possible to
     270            develop a plug-in that allows users to do things that they normally
     271            do not have permission to do directly in the web interface.
     272            </para>
     273          </listitem>
     274         
     275          <listitem>
     276            <para>
     277            A permission can be granted only if the user also has the permission.
     278            This is the same as not using the plug-in permission system, except that
     279            unspecified permissions are always denied.
     280            </para>
     281          </listitem>
     282        </itemizedlist>
     283               
    272284        <note>
    273285          Plug-in developers can supply information about
    274286          the wanted permissions making it easy for the administrator to
    275287          just check the permissions and accept them with just a single
    276           click if they make sense.
     288          click if they make sense. See <xref linkend="plugins.permissions"/> for more information.
    277289        </note>
    278        
    279         <para>
    280           See <xref linkend="plugins.permissions"/> for more information.
    281         </para>
    282290       
    283291      </sect2>
     
    291299     
    292300      <para>
    293         Projects are an important part of the permission system for several
     301        Projects are an important part of BASE and the permission system for several
    294302        reasons:
    295303      </para>
     
    345353          </para>
    346354        </listitem>
    347      
     355
     356        <listitem>
     357          <para>
     358          It is possible to assign default protocols, software, hardware
     359          and other items to a project. This makes it easier when creating
     360          new items since BASE will automatically suggest, for example
     361          the extraction protocol used when creating a new extract. The default
     362          items are also used by the <guilabel>item overview</guilabel>
     363          validation functionality, which makes it possible to spot
     364          mistakes. See <xref linkend="webclient.itemoverview" />.
     365          </para>
     366        </listitem>
     367   
    348368      </itemizedlist>
    349369     
     370      <sect2 id="project_permission.projects.create">
     371        <title>Creating a project</title>
     372     
     373        <para>
     374          You can list and manage all of your projects by going to
     375          <menuchoice>
     376            <guimenu>View</guimenu>
     377            <guimenuitem>Projects</guimenuitem>
     378          </menuchoice>. Use the &gbNew; button to create a new projects.
     379        </para>
     380       
     381      <figure
     382        id="project_permission.figures.edit_project">
     383        <title>Projects properties</title>
     384        <screenshot>
     385          <mediaobject>
     386            <imageobject>
     387              <imagedata
     388                fileref="figures/edit_project.png" format="PNG" />
     389            </imageobject>
     390          </mediaobject>
     391        </screenshot>
     392      </figure>
     393       
     394      <helptext external_id="project.edit"
     395        title="Edit project">
     396       
     397        <para>
     398        This tab allows users to enter essential
     399        information about a project.
     400        </para>
     401       
     402        <variablelist>
     403        <varlistentry>
     404          <term><guilabel>Name</guilabel></term>
     405          <listitem>
     406            <para>
     407            The name of the project. We recommend that project names are unique, since
     408            at some times it may need to be referenced by name.
     409            </para>
     410          </listitem>
     411        </varlistentry>
     412        <varlistentry>
     413          <term><guilabel>Default permissions</guilabel></term>
     414          <listitem>
     415            <para>
     416            This setting specify the permissions to give to new items that
     417            are created while this project is the active project. The recommended
     418            setting is <guilabel>delete</guilabel> permission. Optionally,
     419            a permission template may be selected, in which case the permissions
     420            are copied from the template to the new item.
     421            <nohelp>See <xref linkend="project_permission.templates"/>
     422            for more information.</nohelp>
     423            </para>
     424          </listitem>
     425        </varlistentry>
     426          <varlistentry>
     427          <term><guilabel>Description</guilabel></term>
     428          <listitem>
     429            <para>
     430            A optional description of the project.
     431            </para>
     432          </listitem>
     433        </varlistentry>
     434        </variablelist>
     435       
     436        <seeother>
     437          <other external_id="project.edit.members">Project members</other>
     438          <other external_id="project.edit.defaults">Default items</other>
     439        </seeother>
     440       
     441      </helptext>
     442     
     443      </sect2>
    350444   
    351445      <sect2 id="project_permission.projects.active">
     
    390484                is to use the menu bar shortcut. Look in the menu for the project
    391485                icon
    392                 (<guiicon>
     486                <guiicon>
    393487                  <inlinemediaobject>
    394488                    <imageobject>
     
    396490                    </imageobject>
    397491                  </inlinemediaobject>
    398                 </guiicon>).
     492                </guiicon>.
    399493                Next to it, the name of the active project is displayed. If you see
    400494                <guiicon>
     
    450544          </note>
    451545         
    452           <warning>
     546          <caution>
    453547            If you change the active project while viewing an item
    454548            that you no longer has access to in the context of the
     
    458552            In the worst case, you may have to go to the login page and
    459553            login again.
    460           </warning>
     554          </caution>
    461555         
    462556        </sect3>
     
    565659               
    566660                <note>
    567                 In most cases, you should give the project members
    568                 <emphasis>use</emphasis> permission. This will allow an user
    569                 to use all items in the project as well as add new items to it.
    570                 If you give them write or delete permission they will be able
    571                 to modify or delete all items including those that they do not
    572                 own.
    573                 </note>
    574                
    575                 <note>
    576                 The above note is not always true since the permission to
    577                 an item in the project also depends on the permission that
    578                 was set when adding the item to the project. The default
    579                 permission is <emphasis>delete</emphasis> and the above note
    580                 holds true. If the item's permission is manually changed to for
    581                 example, <emphasis>use</emphasis>, no project member can get
    582                 higher permission to the item.
     661                  <para>
     662                  In most cases, you should give the project members
     663                  <guilabel>use</guilabel> permission. This will allow a user
     664                  to use all items in the project as well as add new items to it.
     665                  If you give them <guilabel>write</guilabel> or <guilabel>delete</guilabel>
     666                  permission they will be able to modify or delete all items including
     667                  those that they do not own.
     668                  </para>
     669                  <para>
     670                  This rule is valid for all items that are shared to the project
     671                  with the default <guilabel>delete</guilabel> permission. Items
     672                  that are shared with a lower permission, for example,
     673                  <guilabel>use</guilabel>, can be accessed with at most that
     674                  permission.
     675                  </para>
    583676                </note>
    584677               
     
    601694                    <para>
    602695                    you share group memberships with
    603                     (the <emphasis>Everyone</emphasis> group doesn't count)
     696                    (the <emphasis>Everyone</emphasis> group and groups with hidden members
     697                    doesn't count)
    604698                    </para>
    605699                  </listitem>
     
    651745            close the popup without saving.
    652746          </para>
     747
     748        <seeother>
     749          <other external_id="project.edit">Project properties</other>
     750          <other external_id="project.edit.defaults">Default items</other>
     751        </seeother>
     752
    653753        </helptext>
    654754
     
    658758        <title>Default items</title>
    659759       
    660         <para>TODO</para>
     760        <helptext external_id="project.edit.defaults"
     761          title="Default items">
     762        <para>
     763          A number of default item can be assigned to a project. It is possible to
     764          select one raw data type and any number of platforms, variants, protocols,
     765          hardware, software and array designs. The default items are used by BASE to
     766          suggest default values. The subtype <nohelp>(see <xref linkend="subtypes" />)
     767          </nohelp> of each item is used as a filter so that, for example, an extraction protocol is
     768          suggested when creating an extract, and a hybridization protocol when creating
     769          a hybridization. Use the various <guibutton>Add</guibutton> buttons to add
     770          items to the project and the <guibutton>Remove</guibutton> button to remove them.
     771        </para>
     772       
     773        <note>
     774          <para>
     775          Make sure that the items that are selected as default items also are
     776          shared to the project with at least <guilabel>use</guilabel> permission.
     777          Otherwise the default items will not show up for other members of the
     778          project, which may result in registering incorrect data.
     779          </para>
     780        </note>
     781       
     782        <seeother>
     783          <other external_id="project.edit">Project properties</other>
     784          <other external_id="project.edit.members">Project members</other>
     785        </seeother>
     786       
     787        </helptext>
     788       
     789        <figure
     790          id="project_permission.figures.project_defaults">
     791          <title>Project default items</title>
     792          <screenshot>
     793            <mediaobject>
     794              <imageobject>
     795                <imagedata
     796                  fileref="figures/project_defaults.png" format="PNG" />
     797              </imageobject>
     798            </mediaobject>
     799          </screenshot>
     800        </figure>
    661801       
    662802      </sect2>
     
    691831          <listitem>
    692832            <para>
    693               It support only a limited set of columns (id, name, description and
    694               owner) since these are the only properties that are common
     833              It support only a limited set of columns (id, name, description,
     834              owner and a few more) since these are the only properties that are common
    695835              among all items.
    696836            </para>
  • trunk/doc/src/docbook/user/webclient.xml

    r5791 r5792  
    218218            <guiicon>
    219219              <inlinemediaobject>
    220               <imageobject><imagedata fileref="figures/project.gif" format="GIF" align="left"/></imageobject>
     220              <imageobject><imagedata fileref="figures/project.gif" format="GIF" /></imageobject>
    221221              </inlinemediaobject>
    222222            </guiicon>
     
    248248            <guiicon>
    249249              <inlinemediaobject>
    250               <imageobject><imagedata fileref="figures/refresh.gif" format="GIF" align="left"
     250              <imageobject><imagedata fileref="figures/refresh.gif" format="GIF"
    251251                /></imageobject>
    252252              </inlinemediaobject>
    253             </guiicon>
     253            </guiicon> 
    254254            <interface>
    255255            Refresh page
     
    277277            <guiicon>     
    278278              <inlinemediaobject>
    279               <imageobject><imagedata fileref="figures/recent.png" format="PNG" align="left"/></imageobject>
     279              <imageobject><imagedata fileref="figures/recent.png" format="PNG"/></imageobject>
    280280              </inlinemediaobject>
    281281            </guiicon>
     
    301301            <guiicon>
    302302              <inlinemediaobject>
    303               <imageobject><imagedata fileref="figures/user.png" format="PNG" align="left"/></imageobject>
     303              <imageobject><imagedata fileref="figures/user.png" format="PNG" /></imageobject>
    304304              </inlinemediaobject>
    305305            </guiicon>
  • trunk/lib/docbook/custom-styles/docbook/plain/css/docbook.css

    r5791 r5792  
    139139  font-weight: bold;     
    140140}
    141 
     141.inlinemediaobject img {
     142  vertical-align: text-bottom;
     143}
    142144
    143145/* ------------------------------------------------------------------- }}} */
Note: See TracChangeset for help on using the changeset viewer.