-
Sean Hammond authored
Features ======== 1. If you have a group selected in the groups dropdown when you create an annotation, the annotation will be created in that group. 2. Only users who are members of the group can see the group's annotations. 3. An annotation can be separately set to public or private, whether it is in a group or not, using the separate visibility dropdown on the annotation card when creating or editing an annotation. Private means viewable by the user only, public means viewable by the group or by everyone if the annotation has no group. When in a group the group's name appears instead of "Public" in the user interface (and with a group icon instead of the public icon). So for example if I make an annotation in group Foobar I can set its visibility to Only Me or to Foobar. 4. New icons and styles for all the group-related parts of the UI, should look the same as in Jake's mockups now. Implementation Notes ==================== Auth ---- - We add `"group:<hashid>"` principals to `request.effective_principals` for each group the user is a member of. - The existing `"group:admin"` and `"group:staff"` principals are renamed to `"group:__admin__"` and `"group:__staff__"` so that they never clash with group hashids (hashids never contain _'s). - A user may only create an annotation in group "x" if they are themselves a member of group "x". This is enforced by an ACL in `h.api.resources`. - Users may only view annotations in groups of which they are members. This is enforced by a query filter in search: `h.api.groups.search`. - In `h.api.groups.logic`: A reply's group is always set to that of its parent, server-side. It doesn't matter what the client sends. Search Filtering ---------------- - Whether an annotation belongs to a group is recorded in a top-level `group` field in the annotation. The value of this field is the group's hashid. For example, it is currently possible to have a private annotation (visible only to the user who created it) within a group. This allows users to use the privacy controls for "drafting" group annotations and replies, only sharing them with the group when they're ready. It also allows users to keep private replies to group annotations. When the sidebar is focused on a group (not yet implemented), the search will filter the annotations to those that have the group's hashid in the group field, regardless of whether the annotation's permissions are private to the user or shared with the group. - The groups search filtering (`h.api.groups.search`) uses the top-level groups field to filter out annotations that belong to groups that the user isn't a member of. - Annotations that are public simply have a group field containing `__world__`. Client-Side ----------- - `annotation.coffee` sets the group field on the annotation before saving it. - There's a new group-list-controller to handle the now more interactive groups dropdown. - And a group-service to share state about which group is currently focused with different parts of the code. Misc ---- - `h.streamer`: Infinite scroll and live updates filter out annotations from groups the user isn't a member of, as well. - `h.api.search.transform`: the API adds group: '__world__' to any annotations without a group field before returning them to the client.
95512b68
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
fonts | ||
angular-csp.css | ||
angular-toastr.css | ||
icomoon.css | ||
katex.min.css |