Need API to show private spaces

[dlabrecq]

I'm in the process of implementing the UXD design below for the my spaces page. https://redhat.invisionapp.com/share/DQDSL22JA#/screens/261389228

There is no API we can use to show private spaces. Unfortunately, we have to omit this feature from the new my spaces page.

[maxandersen]

wdym about api for private spaces ? There is no such notion (yet).

[dlabrecq]

I'm going by the functionality defined by the UXD mockup. Will we not support this feature in future?

[maxandersen]

yes, we will need to support it but not currently availble.

[aslakknutsen]

The general question is; Is this a GA requirement. If it is, there is a lot of work to be done (which most likely won't be ready in time)? If it's not, then remove it from the UX.

[qodfathr]

Due to the proposed permission model of #2068, there really is no first-class notion of a private Space.

When a Space is first created, it does make sense to ask the creator if it is to be Public or Private. This selection should be used to define an appropriate set of initial Permissions across an initial set of Groups. But, otherwise, the selection of public or private is not maintained, for once the Permissions are defined, the Permissions truly define if a Space is public or private. Moreover, a single change to the Permissions could effectively flip a Space from Public to Private.

This will require some thought and discussion, but I believe the answer isn't a difficult one to compute (at least on paper).

First, we likely need to have one or two special groups defined -- e.g. Anonymous and Unauthenticated. Every user in the system is a member of Anonymous. Every visitor to the site who does not log in is a member of Unauthenticated.

This results in effectively two sets of Public Spaces:

• Any Space that grants any Allow permission to Unauthenticated is Public. This list of Spaces should be browsable by anyone, even people who are not logged in. (Although I've written "any Allow permission," it may be the case that this is best handled by a very specific, well-known Permission.)
• Any Space that grants any Allow permission to Anonymous but none to Unauthenticated is "limited" Public. This list of Spaces should be browsable by anyone who is logged in.
  • As such, a logged in user who wants to see a list of Public Spaces sees the union of both lists.
• Otherwise, a Space is "Private." The only way to see it is to look at your "Collaboration Spaces."

See also #1630 for more details.

We will probably need a rule that prohibits a class of users (even if they created the Space) from denying Reader-type access to Anonymous. (read: 100% free usage of OpenShift.io may have some limitations).