Document permission UI

[ari]

Documents can currently have one of four permission states:

1. Public
2. Private
3. Tutors
4. Tutors and students

Problem

These options are confusing and lead to people setting the wrong permission too often. It also makes it sound like "Public" is not secure when in fact these documents are not discoverable without a long random URL being shared.

The problem is not the actual permission structure, but how it is presented to and understood by users.

Proposed solution

Instead of "public" use the terminology "Get link" with a simple way to copy the link URL. That link could either be the full URL to an S3 resource or a link embeddable in rich text of the {image name:'dog'} form.

The other sharing types can be controlled with an option titled "Share with people or groups". If this is chosen, the 'get link' option is disabled. We would then merge the existing UI which shows where the document is attached with this sharing UI. For example if the document is linked to a class and 'share with people or groups' is selected, then it would read:

Shared with students of Woodworking for beginners WD-123

If a document is linked to a contact, then "Share with people or groups" would read:

Shared with Bob Smith

Defaults

If an image is added at a profile picture then the 'get link' option is automatically enabled. Disabling this option should show a warning icon in the corner of the profile that this image would not be available to tutors marking the roll (if student) or against the tutor resume (if tutor)

Generally, the get link option would be disabled in other places.

[K-Curran]

Thank you for pointing us to this roadmap issue Ari. For our RTO we'd want the default status for newly created Document records to be 'private' (or unshareable, or whatever the equivalent term will be), as the large majority of documents we upload are for Compliance purposes and should only ever be looked at by staff who have onCourse user logins.

[ari]

That makes sense when attaching records to an enrolment or student. But when attaching a picture to a course we need to make it clear that your hero image will be seen by no one, and please don't call ish support complaining about a bug :-)

I agree that in general "sharing" should be an active action. Rest assured though... even the current "public" option isn't sharing that document anywhere. It just creates a link which you could share if you wanted to.

[ari]

Some common requests from customers include:

• simpler way to search for documents by access level
• a way to lock documents to a certain access level so that users cannot then attach them in a way which shares them (eg to a class). Perhaps a new access role around this.
• more clarity around the 'share link' concept or 'share on portal with' concept