bufke
@david:burkesoftware.com
[m]
No real way to filter that without going through a many to many field which causes the duplicates
bufke
@david:burkesoftware.com
[m]
Researching OSS Sentry more, it seems like teams don't actually filter issues as I thought they would. Which sounds unintuitive to me. A user in 0 teams will see 0 projects. But can see every event and issue.

That sounds .... like a security vulnerability? You add new employee to the org. You ensure new employee is not in the devops team. You submit event data with confidential data to the devops project. You expect new employee not to be able to read said confidential data but they can actually.

I'm even more confused.

@james.kiger_gitlab can you validate my thinking a little here
bufke
@david:burkesoftware.com
[m]
I can't find any authoritative docs on this. OSS Sentry's lower membership role is "member" which says "Members can view and act on events, as well as view most other data within the organization." Taken literally I suppose one could say that means they can view and act on all events. And the UI supports it pretty well. I can view an issue but I can't see the project details. Presumably this is intended behavior.
old issue here getsentry/sentry#1296 "Organization Members will supercede Team Members"
so I'm leaning towards solving this by adjusting documentation to be REAL clear that team membership doesn't affect permissions in any way. It's more of a workflow for notifications and issue workflow.
james kiger
@james.kiger_gitlab
So I read the Sentry docs the same as you, @david:burkesoftware.com : Organization members can view all events, while teams are for managing notifications.
bufke
@david:burkesoftware.com
[m]
Ok, let's add documentation around this.
james kiger
@james.kiger_gitlab
So one question is where we want to put this documentation. On the organization side, it's easy enough since there is an invite member page. On the team side it's a little trickier, since there isn't an "invite team member" page. Members are added to teams directly from the list of team members.
bufke
@david:burkesoftware.com
[m]
can you show me a screenshot of that? Where a user encounters teams
james kiger
@james.kiger_gitlab
As soon as I figure out how to paste a pic here, yes
bufke
@david:burkesoftware.com
[m]
I use the element app to view this
can drag, paste, or click attach
gitter ui might be more limited
james kiger
@james.kiger_gitlab
Oh, well that would be convenient
bufke
@david:burkesoftware.com
[m]
yeah now I only need 5 chat apps instead of 6 at all times 😢
james.kiger
@james.kiger:burkesoftware.com
[m]
Oh, super easy integration. Nice
bufke
@david:burkesoftware.com
[m]
/org-slug/settings/teams/ would be the main page for teams and a reasonable place to add text
but a user might be able to avoid that page since it's referenced elsewhere
james.kiger
@james.kiger:burkesoftware.com
[m]
Yeah, and since it's a list if we put it at the bottom and they have a lot of teams they might never see it
bufke
@david:burkesoftware.com
[m]
my vote - add a sentence to Create a New Team modal. Then add maybe 2-3 sentences to settings/teams
james.kiger
@james.kiger:burkesoftware.com
[m]
OK, that makes sense
bufke
@david:burkesoftware.com
[m]
It needs to convey that teams are about notifications and workflow. Organizations manage permissions.
I still think that's really dumb but not an issue we can easily tackle if we aim for api compat
Does that surprise anyone else in the community? That an org member who isn't in a team can see all issues in said team.
james.kiger
@james.kiger:burkesoftware.com
[m]
"GlitchTip teams are for managing event notifications. View permissions are handled through organization membership."
Brendan Berkley
@BrendanBerkley_gitlab
you'd expect an admin to be able to see everything
bufke
@david:burkesoftware.com
[m]
yeah that makes sense
but even the lowest role "member" can view all issues
or is supposed to be able to :P in GT today they can't but we're talking about "fixing" that

organization membership

That could be a link that opens in a new tab

"GlitchTip teams are for managing issue notifications and workflow."
james.kiger
@james.kiger:burkesoftware.com
[m]
For the "invite member" page:
"Organization member status grants view access to all of an organization’s events handled by GlitchTip."
bufke
@david:burkesoftware.com
[m]
I know "workflow" is ambiguous, but it does/should have subtle effects in the UI
james.kiger
@james.kiger:burkesoftware.com
[m]
ah, I see
bufke
@david:burkesoftware.com
[m]
One effect it does/should have is to hide projects from the user
it doesn't make it secure, it's more of a visual change for UX
please don't look at these projects you aren't in a team for
(but you can!)
I guess GT doesn't need to follow that UX decision
we can worry about UX later though - workflow is still a good term to say I think
I kind of like the idea that GT is more clear showing the user EVERYTHING they have permission for
best to make it explicit
james.kiger
@james.kiger:burkesoftware.com
[m]
Yeah, that makes sense
Thinking of adding that "organization member" note either to the end of the email note or directly under the permission selection options.
The ideal I think would be to have the text change to describe each of the four permission options, though I would need a little input on what all those differences are.