Context Navigation

← Previous Changeset
Next Changeset →

Changeset 5792

Timestamp:

Oct 7, 2011, 1:14:11 PM (11 years ago)

Author:

Nicklas Nordborg

Message:

References #1590: Documentation cleanup

New and updated screenshots for chapter 6 "Projects and the permission system".

Location:

trunk

Files:

: 2 added
: 5 edited

doc/src/docbook/figures/edit_project.png (added)
doc/src/docbook/figures/project_defaults.png (added)
doc/src/docbook/figures/project_members.png (modified) (previous)
doc/src/docbook/figures/project_tabs.png (modified) (previous)
doc/src/docbook/user/project_permission.xml (modified) (21 diffs)
doc/src/docbook/user/webclient.xml (modified) (4 diffs)
lib/docbook/custom-styles/docbook/plain/css/docbook.css (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/doc/src/docbook/user/project_permission.xml

-                      r5782
+                      r5792
         between users while protecting all data against unauthorized
         access or modification. To make this possible an elaborate
         permission system has been developed that allows an user to
+        permission system has been developed that allows a user to
         specify exactly the permission to give to other users and at the
         same time makes it easy to handle the permissions of multiple
 …
           <listitem>
             <para>
             Check if you are the root user. The root user has full
+            Check if you are the <emphasis>root user</emphasis>. The root user has full
             permission to everything and the permission check stops here.
             </para>
 …
           <listitem>
             <para>
             Check if you are a member of a role that gives you access to the
+            Check if you are a <emphasis>member of a role</emphasis> that gives you access to the
             item. Role-based permissions can only be specified based on
             generic item types and is valid for all items of that type.
             The role-based permissions also include a special deny permission
             that can prevents a user from accessing any item. In that case,
+            that prevents a user from accessing any item. In that case,
             the permission check stops here.
             </para>
 …
           <listitem>
             <para>
+            Check if you are the owner of the item. As the owner you have full
+            permission to the item and the permission check stops here.
+            Check if you are the <emphasis>owner of the item</emphasis>. As the owner you have full
+            permission to the item and the permission check stops here. This step is not done
+            for items that doesn't have an owner.
             </para>
           </listitem>
 …
             <para>
             Check if you have been granted access to the item by the
             sharing system (cf. <xref linkend="webclient.items.share"/>).
+            <emphasis>sharing system</emphasis> (cf. <xref linkend="webclient.items.share"/>).
             The sharing system can grant access to individual users, groups of
             users and to projects. We recommend that you always use projects
             to share your items.
+            to share your items. This step is not done for items that can't be shared.
             </para>
           </listitem>
 …
               <listitem>
                 <para>
                 News: You always have read access to news if today's date
+                <guilabel>News</guilabel>: You always have read access to news if today's date
                 falls between the start and end date of the news item.
                 </para>
 …
               <listitem>
                 <para>
                 Groups: You have read access to all groups where you
+                <guilabel>Groups</guilabel>: You have read access to all groups where you
                 are a member.
                 </para>
 …
               <listitem>
                 <para>
                 Users: You have read permission to all users that share group
+                <guilabel>Users</guilabel>: You have read permission to all users that share group
                 membership with, excluding the <emphasis>Everyone</emphasis> group.
                 When a project is active, you also have read permission to all
 …
           may also have permissions of their own. The default is that
           plug-ins run with the same permissions as the user that invoked
           the plug-in has. Sometimes this can be seen as a security risk
+          the plug-in. Sometimes this can be seen as a security risk
           if the plug-in is not trusted. A malicious plug-in can, for example,
           delete the entire database if invoked by the root user.
 …
           permissions that is required to complete it's task. If the plug-in
           permission system is enabled for a plug-in the default is to deny
+          all actions. Then, the administrator can give the plug-in the same
+          permissions as listed above. There is one additional twist to
+          the plug-in permission system. A permission can be granted regardless
+          of if the user that invoked the plug-in had the permission or not, or
+          a permission can be granted only if the user also has the permission.
+          The first case makes it possible to develop a plug-in that allows
+          users to do things that they normally do not have permission to do.
+          The second case is the same as not using the plug-in permission system,
+          except that unspecified permissions are always denied when the
+          plug-in permission system is used.
+        </para>
+          all actions. Then, the administrator must assign permissions to
+          the plug-in. There are two variants:
+        </para>
+        <itemizedlist>
+          <listitem>
+            <para>
+            A permission can be granted regardless of if the user that invoked
+            the plug-in had the permission or not. This makes it possible to
+            develop a plug-in that allows users to do things that they normally
+            do not have permission to do directly in the web interface.
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+            A permission can be granted only if the user also has the permission.
+            This is the same as not using the plug-in permission system, except that
+            unspecified permissions are always denied.
+            </para>
+          </listitem>
+        </itemizedlist>
         <note>
           Plug-in developers can supply information about
           the wanted permissions making it easy for the administrator to
           just check the permissions and accept them with just a single
           click if they make sense.
+          click if they make sense. See <xref linkend="plugins.permissions"/> for more information.
         </note>
-        <para>
-          See <xref linkend="plugins.permissions"/> for more information.
-        </para>
       </sect2>
 …
       <para>
         Projects are an important part of the permission system for several
+        Projects are an important part of BASE and the permission system for several
         reasons:
       </para>
 …
           </para>
         </listitem>
+        <listitem>
+          <para>
+          It is possible to assign default protocols, software, hardware
+          and other items to a project. This makes it easier when creating
+          new items since BASE will automatically suggest, for example
+          the extraction protocol used when creating a new extract. The default
+          items are also used by the <guilabel>item overview</guilabel>
+          validation functionality, which makes it possible to spot
+          mistakes. See <xref linkend="webclient.itemoverview" />.
+          </para>
+        </listitem>
       </itemizedlist>
+      <sect2 id="project_permission.projects.create">
+        <title>Creating a project</title>
+        <para>
+          You can list and manage all of your projects by going to
+          <menuchoice>
+            <guimenu>View</guimenu>
+            <guimenuitem>Projects</guimenuitem>
+          </menuchoice>. Use the &gbNew; button to create a new projects.
+        </para>
+      <figure
+        id="project_permission.figures.edit_project">
+        <title>Projects properties</title>
+        <screenshot>
+          <mediaobject>
+            <imageobject>
+              <imagedata
+                fileref="figures/edit_project.png" format="PNG" />
+            </imageobject>
+          </mediaobject>
+        </screenshot>
+      </figure>
+      <helptext external_id="project.edit"
+        title="Edit project">
+        <para>
+        This tab allows users to enter essential
+        information about a project.
+        </para>
+        <variablelist>
+        <varlistentry>
+          <term><guilabel>Name</guilabel></term>
+          <listitem>
+            <para>
+            The name of the project. We recommend that project names are unique, since
+            at some times it may need to be referenced by name.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term><guilabel>Default permissions</guilabel></term>
+          <listitem>
+            <para>
+            This setting specify the permissions to give to new items that
+            are created while this project is the active project. The recommended
+            setting is <guilabel>delete</guilabel> permission. Optionally,
+            a permission template may be selected, in which case the permissions
+            are copied from the template to the new item.
+            <nohelp>See <xref linkend="project_permission.templates"/>
+            for more information.</nohelp>
+            </para>
+          </listitem>
+        </varlistentry>
+          <varlistentry>
+          <term><guilabel>Description</guilabel></term>
+          <listitem>
+            <para>
+            A optional description of the project.
+            </para>
+          </listitem>
+        </varlistentry>
+        </variablelist>
+        <seeother>
+          <other external_id="project.edit.members">Project members</other>
+          <other external_id="project.edit.defaults">Default items</other>
+        </seeother>
+      </helptext>
+      </sect2>
       <sect2 id="project_permission.projects.active">
 …
                 is to use the menu bar shortcut. Look in the menu for the project
                 icon
                 (<guiicon>
+                <guiicon>
                   <inlinemediaobject>
                     <imageobject>
 …
                     </imageobject>
                   </inlinemediaobject>
                 </guiicon>).
+                </guiicon>.
                 Next to it, the name of the active project is displayed. If you see
                 <guiicon>
 …
           </note>
           <warning>
+          <caution>
             If you change the active project while viewing an item
             that you no longer has access to in the context of the
 …
             In the worst case, you may have to go to the login page and
             login again.
           </warning>
+          </caution>
         </sect3>
 …
                 <note>
+                In most cases, you should give the project members
+                <emphasis>use</emphasis> permission. This will allow an user
+                to use all items in the project as well as add new items to it.
+                If you give them write or delete permission they will be able
+                to modify or delete all items including those that they do not
+                own.
+                </note>
+                <note>
+                The above note is not always true since the permission to
+                an item in the project also depends on the permission that
+                was set when adding the item to the project. The default
+                permission is <emphasis>delete</emphasis> and the above note
+                holds true. If the item's permission is manually changed to for
+                example, <emphasis>use</emphasis>, no project member can get
+                higher permission to the item.
+                  <para>
+                  In most cases, you should give the project members
+                  <guilabel>use</guilabel> permission. This will allow a user
+                  to use all items in the project as well as add new items to it.
+                  If you give them <guilabel>write</guilabel> or <guilabel>delete</guilabel>
+                  permission they will be able to modify or delete all items including
+                  those that they do not own.
+                  </para>
+                  <para>
+                  This rule is valid for all items that are shared to the project
+                  with the default <guilabel>delete</guilabel> permission. Items
+                  that are shared with a lower permission, for example,
+                  <guilabel>use</guilabel>, can be accessed with at most that
+                  permission.
+                  </para>
                 </note>
 …
                     <para>
                     you share group memberships with
+                    (the <emphasis>Everyone</emphasis> group doesn't count)
+                    (the <emphasis>Everyone</emphasis> group and groups with hidden members
+                    doesn't count)
                     </para>
                   </listitem>
 …
             close the popup without saving.
           </para>
+        <seeother>
+          <other external_id="project.edit">Project properties</other>
+          <other external_id="project.edit.defaults">Default items</other>
+        </seeother>
         </helptext>
 …
         <title>Default items</title>
+        <para>TODO</para>
+        <helptext external_id="project.edit.defaults"
+          title="Default items">
+        <para>
+          A number of default item can be assigned to a project. It is possible to
+          select one raw data type and any number of platforms, variants, protocols,
+          hardware, software and array designs. The default items are used by BASE to
+          suggest default values. The subtype <nohelp>(see <xref linkend="subtypes" />)
+          </nohelp> of each item is used as a filter so that, for example, an extraction protocol is
+          suggested when creating an extract, and a hybridization protocol when creating
+          a hybridization. Use the various <guibutton>Add</guibutton> buttons to add
+          items to the project and the <guibutton>Remove</guibutton> button to remove them.
+        </para>
+        <note>
+          <para>
+          Make sure that the items that are selected as default items also are
+          shared to the project with at least <guilabel>use</guilabel> permission.
+          Otherwise the default items will not show up for other members of the
+          project, which may result in registering incorrect data.
+          </para>
+        </note>
+        <seeother>
+          <other external_id="project.edit">Project properties</other>
+          <other external_id="project.edit.members">Project members</other>
+        </seeother>
+        </helptext>
+        <figure
+          id="project_permission.figures.project_defaults">
+          <title>Project default items</title>
+          <screenshot>
+            <mediaobject>
+              <imageobject>
+                <imagedata
+                  fileref="figures/project_defaults.png" format="PNG" />
+              </imageobject>
+            </mediaobject>
+          </screenshot>
+        </figure>
       </sect2>
 …
           <listitem>
             <para>
               It support only a limited set of columns (id, name, description and
               owner) since these are the only properties that are common
+              It support only a limited set of columns (id, name, description,
+              owner and a few more) since these are the only properties that are common
               among all items.
             </para>

trunk/doc/src/docbook/user/webclient.xml

-                      r5791
+                      r5792
             <guiicon>
               <inlinemediaobject>
               <imageobject><imagedata fileref="figures/project.gif" format="GIF" align="left"/></imageobject>
+              <imageobject><imagedata fileref="figures/project.gif" format="GIF" /></imageobject>
               </inlinemediaobject>
             </guiicon>
 …
             <guiicon>
               <inlinemediaobject>
               <imageobject><imagedata fileref="figures/refresh.gif" format="GIF" align="left"
+              <imageobject><imagedata fileref="figures/refresh.gif" format="GIF"
                 /></imageobject>
               </inlinemediaobject>
             </guiicon>
+            </guiicon>
             <interface>
             Refresh page
 …
             <guiicon>
               <inlinemediaobject>
               <imageobject><imagedata fileref="figures/recent.png" format="PNG" align="left"/></imageobject>
+              <imageobject><imagedata fileref="figures/recent.png" format="PNG"/></imageobject>
               </inlinemediaobject>
             </guiicon>
 …
             <guiicon>
               <inlinemediaobject>
               <imageobject><imagedata fileref="figures/user.png" format="PNG" align="left"/></imageobject>
+              <imageobject><imagedata fileref="figures/user.png" format="PNG" /></imageobject>
               </inlinemediaobject>
             </guiicon>

trunk/lib/docbook/custom-styles/docbook/plain/css/docbook.css

-                      r5791
+                      r5792
   font-weight: bold;
+}
+.inlinemediaobject img {
+  vertical-align: text-bottom;
+}
 /* ------------------------------------------------------------------- }}} */

Note: See TracChangeset for help on using the changeset viewer.