Docs: Access control documentation reworked 2.5 #5723
Conversation
| Administration | ||
| Includes all permissions available for the project. | ||
| All available permissions for the project. |
There was a problem hiding this comment.
Including adding people that can add administrators?
Should this be site-wide administration? What I am asking is if "superuser" is above this?
There was a problem hiding this comment.
This is only at project level - it grants all permissions for the project.
|
|
||
| Languages | ||
| Can manage translated languages (add or remove translations). | ||
| Manage translated languages (add or remove translations). |
There was a problem hiding this comment.
Individual strings or entire languages?
docs/admin/access.rst
Outdated
| By default this prevents Weblate from granting access provided by | ||
| `Users` and `Viewers` :ref:`default groups <default-groups>` due to these groups’ | ||
| own configuration. This doesn’t prevent you from granting permissions to those | ||
| projects site-wide by altering default groups, creating a new one, or creating |
There was a problem hiding this comment.
Note to self: wasn't this already not possible?
docs/admin/access.rst
Outdated
| groups. For example, you may want to give a permission to manage screenshots to all | ||
| the `Users`. | ||
| Additional permissions can be granted to the default | ||
| groups. In this example the ability manage screenshots for all `Users`. |
There was a problem hiding this comment.
Example needed
docs/admin/access.rst
Outdated
| by site-wide or per-project groups by adding another custom group. | ||
| Dedicated groups to manage permissions for languages, components, and projects | ||
| can be created. These groups can only grant additional privileges that can not | ||
| revoke any permission granted by site-wide or per-project groups by adding another |
There was a problem hiding this comment.
Granted which permissions, to whom, for what entity?
for more information, see https://pre-commit.ci
| @@ -4,32 +4,32 @@ Access control | |||
| ============== | |||
|
|
|||
| Weblate comes with a fine-grained privilege system to assign user permissions | |||
| for the whole instance, or in a limited scope. | |||
| for the whole instance with predefined roles, or by assigning one or more | |||
| groups of permissions to users for everything, or individual projects, components, | |||
There was a problem hiding this comment.
This needs to be a cursory overview.
Otherwise the whole thing is a riddle where the reader has to establish the connections.
Suggestions welcome :)
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5723 +/- ##
==========================================
- Coverage 90.82% 90.78% -0.04%
==========================================
Files 554 559 +5
Lines 57306 57534 +228
Branches 9122 9180 +58
==========================================
+ Hits 52046 52235 +189
- Misses 3640 3670 +30
- Partials 1620 1629 +9 |
for more information, see https://pre-commit.ci
|
This pull request has been automatically marked as stale because there wasn’t any recent activity. It will be closed soon if no further action occurs. Thank you for your contributions! |
docs/admin/access.rst
Outdated
| - Otherwise, adding any :guilabel:`Projects` to a group (either by directly | ||
| listing them or by having :guilabel:`Selected projects` set to :guilabel:`All | ||
| public`) grants the group permissions for the projects. (Effectively | ||
| the same permissions as being granted access to :ref:`unrestricted components <component-restricted>` |
There was a problem hiding this comment.
Didn't look into what "which effectively grants the same permissions to access all projects" from the merge error means. Otherwise rewritten from what it was.
|
Neverstale |
|
This pull request has been automatically marked as stale because there wasn’t any recent activity. It will be closed soon if no further action occurs. Thank you for your contributions! |
|
What here now? |
|
@Justman100 Somebody needs to review this to verify it doesn't change the meaning of the documentation what has happened in the past. The typical reason for that is that the original documentation isn't clear enough and when reworking, another meaning is chosen than was originally intended. That's why several of these “reworked documentation” pull requests are stuck. These are big, what makes them challenging to review at once and GitHub is not really helpful in doing iterative review/merge. |
docs/admin/access.rst
Outdated
| @@ -63,20 +65,18 @@ project. | |||
|
|
|||
| .. image:: /screenshots/project-access.webp | |||
|
|
|||
| The default value can be changed by :setting:`DEFAULT_ACCESS_CONTROL`. | |||
| Access mode can also be changed by setting :setting:`DEFAULT_ACCESS_CONTROL`. | |||
There was a problem hiding this comment.
This only changes the default value for newly created projects.
docs/admin/access.rst
Outdated
| Your project name and other information can’t be revealed through this. | ||
| `Private` projects still expose counts for all projects in their | ||
| respective statistics and language summary. | ||
| This does not reveal project name or other info. |
There was a problem hiding this comment.
This makes it IMHO less clear. The intention is to make clear that even private projects are reflected in site-wide statistics, such as global or language ones.
docs/admin/access.rst
Outdated
| @@ -97,47 +97,57 @@ The following teams are automatically created for every project: | |||
|
|
|||
| For `Public`, `Protected` and `Private` projects: | |||
|
|
|||
| Granting users :guilabel:`Manage project access` (see :ref:`privileges`) | |||
| gives them access to assign other users in Public`, `Protected` and | |||
| `Private` (but not `Custom`) projects to one of the following groups: | |||
There was a problem hiding this comment.
This is duplicated few lines above.
|
|
||
| The following teams are automatically created for every project: | ||
| Granting users :guilabel:`Manage project access` (see :ref:`privileges`) |
There was a problem hiding this comment.
I would argue it doesn't need to be pointed out that users need to have MPA to do what is explained to be recursive about MPA.
My original intent must have been to replace the duplicated text, and then I didn't remove the original one.
Maybe it makes sense now, but not at all sure.
Some of the text is moved to a hint below.
Co-authored-by: Allan Nordhøy <epost@anotheragency.no>
|
This pull request has been automatically marked as stale because there wasn’t any recent activity. It will be closed soon if no further action occurs. Thank you for your contributions! |
|
What here now? |
A review is needed. @comradekingu did his work, now I need to find time to go through it. As the PR is long with many changes, I needed to postpone it multiple times. Short PRs get merged quicker. |
|
This pull request has been automatically marked as stale because there wasn’t any recent activity. It will be closed soon if no further action occurs. Thank you for your contributions! |
into where?
Single strings or entire translations at once?
Why "several" is it bulk-addition as opposed to clicking through one-by one in the user UI?
How is a role a group? Need to get all the cursory logic established up top. (and then note to self read through with that understanding (that I don't have)).
Is it "superusers", (which I seem to think is what I call "site-wide administrators")
The whole "manage/rs", "objects". It is all a bit much all at once.