Skip to content
This repository has been archived by the owner on Jun 4, 2024. It is now read-only.

How should scheduled queries not created by the current user be handled? #501

Closed
briandennis opened this issue Jul 25, 2018 · 7 comments
Closed
Labels

Comments

@briandennis
Copy link
Contributor

Currently, if a scheduled query was created by a different user than the one currently logged in, it is read only.

Is this correct behavior? If Falcon is running on a shared server, are there cases where multiple users should have permission to edit/delete a single scheduled query?

@nicolaskruchten
Copy link
Contributor

Interesting question. @BRONSOLO @tarzzz can you help answer it?

@briandennis when you say "it is read-only" what does that look like in the UI?

This makes me think: should we have a legit "edit" button in the scheduled tab to make it extra-clear that that's how you edit stuff? And then the edit button could be greyed out with a tooltip if read-only?

@nicolaskruchten
Copy link
Contributor

I think I would be comfortable with allowing users to edit each others' queries IF the edits aren't saved unless the first save succeeds. Presumably if user X is trying to edit user Y's query targeting a fid belonging to Y, and X does not have write access to that fid, then her first update will fail with an informative error message and everyone is happy.

@briandennis
Copy link
Contributor Author

@nicolaskruchten in the UI that means they'll still see the query in the list and can still view it's details. But the edit/delete buttons are hidden (equivalent to not being logged in).

@briandennis
Copy link
Contributor Author

re allowing users to edit each others' queries:

Maybe @n-riesco can shed some light here as I don't completely understand the logic, but this description of behavior makes me nervous about that solution. If user X not having permission leads to user Y's query getting removed that seems problematic. At the same time though, the query won't be able to run anyway if user X's access token replaces user Y's, right?

@nicolaskruchten
Copy link
Contributor

OK. I'm fine with the current read-only behaviour unless @n-riesco thinks it's a problem, and so long as we haven't changed the behaviour of Falcon wrt to the old UI.

@n-riesco
Copy link
Contributor

@briandennis @nicolaskruchten I don't have the whole picture, because I'm not very familiar with Plotly's API. But this is how it goes in Falcon:

@briandennis
Copy link
Contributor Author

Thanks for the info @n-riesco, really informative!

As per discussion, we're going to leave the current read-only behavior in place for now. Note #500 adds a message to inform the user why the query is read-only.

Closing this for now, let's reopen down the road if we want to update this behavior.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

3 participants