Bug 337001 - [server] Make files and folders world-readable, owner-writable by default
Summary: [server] Make files and folders world-readable, owner-writable by default
Status: RESOLVED FIXED
Alias: None
Product: Orion
Classification: ECD
Component: Client
Version: 0.2
Hardware: PC Mac OS X - Carbon (unsup.)
Importance: P3 normal
Target Milestone: 0.2
Assignee: Szymon Brandys CLA
Reported: 2011-02-11 14:21 EST by Boris Bokowski CLA
Modified: 2011-09-01 11:42 EDT
Description Boris Bokowski CLA 2011-02-11 14:21:47 EST
As per suggestion from John J Barton on the mailing list. This makes a lot of sense to me, but users would have to be able to change the permissions themselves, and a server administrator would have to be able to change the default (fictitious example: when hosted on orion.internal.ibm.com we might want to have the default be owner-readable/owner-writable).
Comment 1 Boris Bokowski CLA 2011-02-11 14:22:40 EST
Szymon, John, what do you think?
Comment 2 John Arthorne CLA 2011-02-11 14:37:06 EST
I think this is a duplicate of bug 336533.

I don't see world-readable being the appropriate default for user data in a multi-user system. But, it should be possible to configure a particular server such that the default is anonymous user has read access to projects. For hosting an open source project, world-readable default makes sense.
Comment 3 Boris Bokowski CLA 2011-02-11 16:13:16 EST
(In reply to comment #2)

We have three main ways in which Orion is currently consumed:
1. People download one of our builds and run them locally (using localhost://) to try out Orion
2. Orion developers run a local instance in self-hosting mode
3. orion.eclipse.org

For all three cases I don't see harm in making user data readable by everybody (which btw is not exactly the same as readable by "anonymous": everybody means every logged in user as well as the anonymous user). That's why I suggested we make this the default.

Of course, in our documentation on how to set up a server we would need to document how to change this default.
Comment 4 Boris Bokowski CLA 2011-02-11 16:22:20 EST
One more thing - if we view Orion as a way to potentially share code with others, we should implement a mechanism similar to photo sharing providers: Each folder or project would have a setting whether it is private, publicly browsable, or publicly accessible for those who have a link to it.

In practice, the third setting is implemented with a hard-to-guess string that is part of the URL, for example: http://orion.eclipse.org/file/boris/orion-editor/web/editor.js?authkey=12345678876543

This would be really cool since these links then could be shared with anyone (just like links to pictures on Picasa), compressed using tinyurl, etc.

To see what I mean, click on the following link:

http://tinyurl.com/4mjpzkc

Of course, the above currently only works if you have Orion running on localhost port 8080 and are logged in already. The goal would be to have links like this that go to orion.eclipse.org and work for anybody.
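The three sharing settings proposed in comment 4 (private, publicly browsable, reachable by link), sketched as a read-access check. This is an added example, not part of the original comment and not Orion code: `Visibility`, `createFolder`, `enableLinkSharing`, `canRead` and the host `orion.example` are hypothetical, and a single administrator-configurable server default is an assumption.

```javascript
// Added illustration; every name here is hypothetical, not an Orion API.
const nodeCrypto = require('crypto');

const Visibility = Object.freeze({ PRIVATE: 'private', PUBLIC: 'public', LINK: 'link' });

// New folders take the server-wide default, which an administrator may change.
function createFolder(owner, path, serverDefault = Visibility.PRIVATE) {
  return { owner, path, visibility: serverDefault, authKeyHash: null };
}

// Switch a folder to link sharing. The authkey is returned once;
// only its SHA-256 hash is stored, so a leaked store does not leak live links.
function enableLinkSharing(folder) {
  const authKey = nodeCrypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  folder.visibility = Visibility.LINK;
  folder.authKeyHash = nodeCrypto.createHash('sha256').update(authKey).digest();
  return authKey;
}

// Read decision for a GET. `user` is null for the anonymous user.
function canRead(folder, user, requestUrl) {
  if (user !== null && user === folder.owner) return true;
  switch (folder.visibility) {
    case Visibility.PUBLIC:
      return true; // "everybody": logged-in users as well as anonymous
    case Visibility.LINK: {
      const presented = new URL(requestUrl).searchParams.get('authkey');
      if (!presented || !folder.authKeyHash) return false;
      const presentedHash = nodeCrypto.createHash('sha256').update(presented).digest();
      // Both buffers are 32 bytes, so the constant-time compare cannot throw.
      return nodeCrypto.timingSafeEqual(presentedHash, folder.authKeyHash);
    }
    default:
      return false; // private or unrecognised setting: deny
  }
}
```

The authkey is a bearer credential carried in the URL, so it ends up in browser history, proxy logs, Referer headers and any URL shortener it is given to. Calling `enableLinkSharing` again replaces the stored hash and invalidates links issued earlier.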
Comment 5 John Arthorne CLA 2011-02-11 16:24:23 EST
Right, there is a potential distinction between "all authenticated users can read it", vs "anonymous users can read it". I expect John Barton actually wants the latter because he wants to forgo authentication entirely, but the former would also have its uses.
Comment 6 John J. Barton CLA 2011-02-11 16:30:40 EST
(you guys need a modern bugzilla with the box at the bottom ;-)

"all authenticated users can read it" is less important because closed source folks are behind a firewall already and I guess your server isn't so secure really. It's a great feature to add, eventually.
Comment 7 Szymon Brandys CLA 2011-02-14 08:52:20 EST
There is a bug to add roles to our authorization mechanism. The plan is to be able to add rules for Administrators, Authenticated Users, Anonymous Users etc. Then we could add GET /file and GET file/* rules to all Authenticated Users by default, which would make files and folders world-readable. This is a duplicate or at least depends on Bug 336214.
Comment 8 John Arthorne CLA 2011-03-08 21:49:23 EST
Note that in bug 339208 we released a short term solution for M6 - a global system property that can be set to make all projects world-readable. Longer term we would want to configure this in a more fine-grained way. For example on each project be able to set the authorization for anonymous users (no access, read only, or even read/write). Once we have something like that, we should get rid of the global org.eclipse.orion.server.core.projectsWorldReadable system property.
Comment 9 John Arthorne CLA 2011-04-18 09:30:22 EDT
Marking this fixed in M6, and created bug 343159 for more fine-grained permission control post-0.2 release.