Rework the sharing system of Galaxy objects

[martenson]

Cannot set "read" access permission on a folder, must set individually on files within that folder.

Cannot share datasets with individual users. I must have a "sharing role" available (I could create these once by sharing a history with a user, but no more?), or by have a normal role available.

Cannot share LDAs with multiple roles.

"User has to have all these roles in order to access this dataset. Users without access permission cannot have other permissions on this dataset. If there are no access roles set on the dataset it is considered unrestricted." Is absolutely useless to me.

Be an admin. Modify: Role B, Access: Role A, Manage: Role B. Save. All modified roles disappear except for "Access"

This is just a random list of sharing issues within datalibraries from here

The underlying issue that causes these confusions and inabilities is not in the data libraries but in our sharing framework as a whole. Creating a 'sharing role' for every single account that you want to share with simply does not cut it anymore.

We need to achieve google-drive like user experience for sharing datasets/histories/workflows/library folders - and that is a big project.

I would like to start a discussion on that here.

[hexylena]

Yes, absolutely @ sharing experience. As a user, I want to be able to share anything (history, dataset, workflow, library (top level), library folders, files within a library folder) with groups and users. It should be as simple as auto-completing their name/email (assuming expose_user_name/mail is true)

[martenson]

We have also discussed with @natefoo that we could put user-driven groups in place, that would allow users to self-organize better.

[hexylena]

YES!!

[bernt-matthias]

Cannot set "read" access permission on a folder, must set individually on files within that folder.

:+1:

[hexylena]

Turning this into a meta issue, some other persistent permission pain points:

• [x] https://github.com/galaxyproject/galaxy/issues/5894 Sharing by link is more or less broken with default-private. To fix you can share individually with a specific user, select "make all public", and then unshare, and then share by link. Here I re-proposed a google drive interface not remembering about this issue.
  • [x] https://github.com/galaxyproject/galaxy/pull/6793 Allow making datasets public when sharing
  • [x] https://github.com/galaxyproject/galaxy/pull/6952 Allow making them private again
• [ ] https://github.com/galaxyproject/galaxy/issues/5783 UI Bug in sharing interface for re-sharing with someone.
• [ ] https://github.com/galaxyproject/galaxy/issues/4406 Cannot share history with multiple users simultaneously, must re-share with each individual
• [ ] https://github.com/galaxyproject/galaxy/issues/5629 Collections require auth
• [ ] https://github.com/galaxyproject/galaxy/issues/4159 no API for sharing objects (partially fixed with https://github.com/galaxyproject/galaxy/pull/6568!!)
• [ ] https://github.com/galaxyproject/galaxy/issues/18870

Workflows

• [ ] https://github.com/galaxyproject/galaxy/issues/1630 No API for sharing workflows
• [ ] https://github.com/galaxyproject/galaxy/issues/2036 Losing metadata during import

Data library issues (but I guess these are tangential)

• [ ] https://github.com/galaxyproject/galaxy/issues/5897 Inability to change permissions
• [ ] https://github.com/galaxyproject/galaxy/issues/6607 Weird menu sorting/appearance of roles they shouldn't have access to
• [ ] https://github.com/galaxyproject/galaxy/issues/5568 Can make datasets inaccessible to self
• [ ] https://github.com/galaxyproject/galaxy/issues/4069 Batch permissions changes not possible
• [ ] https://github.com/galaxyproject/galaxy/issues/1177 from the parent issue.