[MWS] Manage Roles -- what should it do

[pmario]

@webplusai

• I am not sure what should happen here?
• I would have expected, we can set up access rights for this role

Is the functionality of this UI still WIP (work in progress), or do I miss something.

---

IMO we should have a "tag" in the UI, which shows eg: WIP -- so testers know, that the functionality is not finished yet.

[webplusai]

The edit role feature allows the user to modify the name and description of roles. It doesn't really have an effect on the behavior of the app

[pmario]

Where do we define, what a role can do?

[webplusai]

It is defined in the ACL configuration for a tiddler. For example, on this page http://127.0.0.1:8080/admin/acl/recipe-rho/bag-beta the admin can configure what permissions users with a certain role has

[pmario]

In the screenshot there is the READ description, that says: Allows the user to create tiddlers --- Is that a typo? IMO Read permission does not include modification rights.

[pmario]

What are the possible permissions?

[pmario]

Since every role can be deleted. What happens, if I do delete all roles for a bag?
Is there an owner, which can not be deleted?
Why is it possible to delete ADMIN?

[pmario]

I just spotted an other issue in the screenshot. IMO the "recipe ACL" needs to manage access rights for bags and recipes and not to tiddlers.

The "bag ACL" can manage access rights for tiddlers.

@Jermolene
Is there a description about the overall access management mechanism? I think I am missing something. The TiddlyWeb mechanism was completely different to what seems to be is implemented for MWS.

[webplusai]

In the screenshot there is the READ description, that says: Allows the user to create tiddlers --- Is that a typo? IMO Read permission does not include modification rights.

Yeah, the READ description was a typo, I'll correct that. Actually, the READ permission allows the user to only READ from an entity.

[webplusai]

What are the possible permissions?

Possible permissions are WRITE and READ. These permissions are assigned to specific roles with respect to a recipe or bag.

[webplusai]

Since every role can be deleted. What happens, if I do delete all roles for a bag? Is there an owner, which can not be deleted? Why is it possible to delete ADMIN?

Not all roles can be deleted. The ADMIN role can not be deleted. Also, if the system has multiple ADMIN users, only N-1 admin accounts can be deleted, this means that there must be at least one ADMIN account at all times.

[pmario]

@webplusai -- How can I open the recipe and bag ACL config page?
From your screenshot at: #8755 (comment)

[webplusai]

This can be done by clicking the globe icon (which is circled in red above) from the recipe page

[Jermolene]

Thanks @pmario @webplusai – it would be very helpful to develop some documentation updates from this discussion.

[aalberici]

hello, @webplusai the icon actually opens the link only when the name of the recipe is the same of the name of the bag itself. If not there's no way to edit the ACL of the other eventual bag, if the recipe has more than one.
We ca nhack this and keep changing the name of the recipe