Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
bufke
@david:burkesoftware.com
[m]
Exclusive gitter offer of the day - free stickers and/or free small plan months for app.glitchtip.com for anyone who is willing to DM me how they found GlitchTip and why they would or wouldn't pay for support/hosting. I'm looking for people who use it for a company. The stickers are the glitchtip logo and characters on glitchtip.com https://glitchtip.com/assets/home/bots-assembled@2x.webp
bufke
@david:burkesoftware.com
[m]

This issue is tripping me up today glitchtip/glitchtip-backend#109

The query needs a distinct but the performance impact is not even worth considering (start counting query time in minutes)

Sentry OSS doesn't help because they simply omit the ability to search issues without setting and organization which greatly simplifies the problem. Could do the same....I was dreaming one day to have a homepage that isn't org specific but that probably isn't all that important.

No real way to filter that without going through a many to many field which causes the duplicates
bufke
@david:burkesoftware.com
[m]
Researching OSS Sentry more, it seems like teams don't actually filter issues as I thought they would. Which sounds unintuitive to me. A user in 0 teams will see 0 projects. But can see every event and issue.

That sounds .... like a security vulnerability? You add new employee to the org. You ensure new employee is not in the devops team. You submit event data with confidential data to the devops project. You expect new employee not to be able to read said confidential data but they can actually.

I'm even more confused.

@james.kiger_gitlab can you validate my thinking a little here
bufke
@david:burkesoftware.com
[m]
I can't find any authoritative docs on this. OSS Sentry's lower membership role is "member" which says "Members can view and act on events, as well as view most other data within the organization." Taken literally I suppose one could say that means they can view and act on all events. And the UI supports it pretty well. I can view an issue but I can't see the project details. Presumably this is intended behavior.
old issue here getsentry/sentry#1296 "Organization Members will supercede Team Members"
so I'm leaning towards solving this by adjust documentation to be REAL clear that team membership doesn't affect permissions in any way. It's more of a workflow for notifications and issue workflow.
james kiger
@james.kiger_gitlab
So I read the Sentry docs the same as you, @david:burkesoftware.com : Organization members can view all events, while teams are for managing notifications.
bufke
@david:burkesoftware.com
[m]
Ok, lets add documentation around this.
james kiger
@james.kiger_gitlab
So one question is where we want to put this documentation. On the organization side, it's easy enough since there is an invite member page. On the team side it's a little trickier, since there isn't an "invite team member" page. Members are added to teams directly from the list of team members.
bufke
@david:burkesoftware.com
[m]
can you show me a screenshot of that? Where a user encounters teams
james kiger
@james.kiger_gitlab
As soon as I figure out how to paste a pic here, yes
bufke
@david:burkesoftware.com
[m]
I use the element app to view this
can drag, paste, or click attach
gitter ui might be more limited
james kiger
@james.kiger_gitlab
Oh, well that would be convenient
bufke
@david:burkesoftware.com
[m]
yeah now I only need 5 chat apps instead of 6 at all times 😢
james.kiger
@james.kiger:burkesoftware.com
[m]
Oh, super easy integration. Nice
bufke
@david:burkesoftware.com
[m]
/org-slug/settings/teams/ would be the main page for teams and a reasonable place to add text
but a user might be able to avoid that page since it's referenced elsehwere
james.kiger
@james.kiger:burkesoftware.com
[m]
Yeah, and since it's a list if we put it at the bottom and they have a lot of teams they might never see it
bufke
@david:burkesoftware.com
[m]
my vote - add a sentence to Create a New Team modal. Then add maybe 2-3 sentences to settings/teams
james.kiger
@james.kiger:burkesoftware.com
[m]
OK, that makes sense
bufke
@david:burkesoftware.com
[m]
It needs to convey that teams about about notifications and workflow. Organizations manage permissions.
I still think that's really dumb but not an issue we can easily tackle if we aim for api compat
Does that surprise anyone else in the community? That a org member who isn't in a team, can see all issues in said team.
james.kiger
@james.kiger:burkesoftware.com
[m]
"GlitchTip teams are for managing event notifications. View permissions are handled through organization membership."
Brendan Berkley
@BrendanBerkley_gitlab
you'd expect an admin to be able to see everything
bufke
@david:burkesoftware.com
[m]
yeah that makes sense
but even the lowest role "member" can view all issues
or is supposed to be able to :P in GT today they can't but we're talking about "fixing" that

organization membership

That could be a link that opens in a new tab

"GlitchTip teams are for managing issue notifications and workflow."
james.kiger
@james.kiger:burkesoftware.com
[m]
For the "invite member" page:
:Organization member status grants view access to all of an organization’s events handled by GlitchTip."
bufke
@david:burkesoftware.com
[m]
I know "workflow" is ambiguous, but it does/should have have subtle effects in the UI
james.kiger
@james.kiger:burkesoftware.com
[m]
ah, I see
bufke
@david:burkesoftware.com
[m]
One affect it does/should have is to hid projects from the user
it doesn't make it secure, it's more of a visual change for UX
please don't look at these projects you aren't in a team for
(but you can!)
I guess GT doesn't need to follow that UX decision
we can worry about UX later though - workflow is still a good term to say I think
I kind of like the idea that GT is more clear showing the user EVERYTHING they have permission for
best to make it explicit
james.kiger
@james.kiger:burkesoftware.com
[m]
Yeah, that makes sense