-
-
Notifications
You must be signed in to change notification settings - Fork 281
How should scheduled queries not created by the current user be handled? #501
Comments
Interesting question. @BRONSOLO @tarzzz can you help answer it? @briandennis when you say "it is read-only" what does that look like in the UI? This makes me think: should we have a legit "edit" button in the scheduled tab to make it extra-clear that that's how you edit stuff? And then the edit button could be greyed out with a tooltip if read-only? |
I think I would be comfortable with allowing users to edit each others' queries IF the edits aren't saved unless the first save succeeds. Presumably if user X is trying to edit user Y's query targeting a fid belonging to Y, and X does not have write access to that fid, then her first update will fail with an informative error message and everyone is happy. |
@nicolaskruchten in the UI that means they'll still see the query in the list and can still view it's details. But the edit/delete buttons are hidden (equivalent to not being logged in). |
re allowing users to edit each others' queries: Maybe @n-riesco can shed some light here as I don't completely understand the logic, but this description of behavior makes me nervous about that solution. If user X not having permission leads to user Y's query getting removed that seems problematic. At the same time though, the query won't be able to run anyway if user X's access token replaces user Y's, right? |
OK. I'm fine with the current read-only behaviour unless @n-riesco thinks it's a problem, and so long as we haven't changed the behaviour of Falcon wrt to the old UI. |
@briandennis @nicolaskruchten I don't have the whole picture, because I'm not very familiar with Plotly's API. But this is how it goes in Falcon:
|
Currently, if a scheduled query was created by a different user than the one currently logged in, it is read only.
Is this correct behavior? If Falcon is running on a shared server, are there cases where multiple users should have permission to edit/delete a single scheduled query?
The text was updated successfully, but these errors were encountered: