Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add options to limit anonymous view note #313

Merged
merged 11 commits into from
Jan 10, 2017
Merged

Add options to limit anonymous view note #313

merged 11 commits into from
Jan 10, 2017

Conversation

elct9620
Copy link
Contributor

@elct9620 elct9620 commented Jan 5, 2017

現在的 HMD_ALLOW_ANONYMOUS 只能限制匿名使用者編輯,但是無法關閉匿名使用者瀏覽筆記。
所以增加 HMD_ALLOW_ANONYMOUS_VIEW 權限設定,讓匿名使用者無法看到開放編輯的筆記。

不過我個人認爲這個可以再做討論,例如是可以增加原本筆記上的權限選項而不是透過這種全域的方式做覆蓋。

@jackycute
Copy link
Member

jackycute commented Jan 5, 2017
edited
Loading

@elct9620 謝謝你的 PR
我也是覺得從權限上下手比較好
不過包含 自己、已登入跟匿名 乘上 編輯與觀看,一共有 3*2 = 6 種權限
還不知道怎麼簡化比較好

@jackycute
Copy link
Member

jackycute commented Jan 5, 2017
edited
Loading

可是現在其實已經有 4 種權限了
把剩下兩種加上去好像也沒什麼大礙XD

@jackycute
Copy link
Member

jackycute commented Jan 5, 2017
edited
Loading

current permission matrix looks like this:

permission anyone signin users owner
edit & anyone can view freely editable private
edit & only signin users can view N/A limited protected
edit & only owner can view N/A N/A locked

might consider adding two new permission types - limited and protected to meet more use cases.

@jackycute
Copy link
Member

@elct9620 What do you think?

@jackycute jackycute closed this Jan 5, 2017
@jackycute jackycute reopened this Jan 5, 2017
@jackycute
Copy link
Member

Oops, sorry.

@elct9620
Copy link
Contributor Author

elct9620 commented Jan 8, 2017

我自己整理後理解是這樣。

Permission Anonymous Signin User Owner
Freely View + Edit View + Edit View + Edit
Limited View View + Edit View + Edit
Private View + Edit
Protected View + Edit View + Edit
Locked View View + Edit

簡單說就是增加 protected(內部人員可看)和locked(內部人員可看但不可修改)

如過確定無誤的話這部分我可以協助修改再送 PR 過來。

@jackycute
Copy link
Member

jackycute commented Jan 8, 2017
edited
Loading

@elct9620 這樣調整的話,會更改到現在使用同名權限的筆記,我們不能隨意調整現在已有名稱的權限
而且這樣少了 editable 這個權限

@jackycute
Copy link
Member

我的意思是這樣:

Permission Anonymous Signin User Owner
Freely View + Edit View + Edit View + Edit
Editable View View + Edit View + Edit
Limited View + Edit View + Edit
Private View View View + Edit
Protected View View + Edit
Locked View + Edit

@elct9620
Copy link
Contributor Author

elct9620 commented Jan 8, 2017

看起來我漏看 Editable 這個項目,這樣看起來應該是沒問題的。
那我就以這個設定去新增權限摟。

@jackycute
Copy link
Member

@elct9620 好的,請按照上表新增 limitedprotected 這兩個權限就好,其他已有的權限不要更動,謝謝!

jackycute
jackycute reviewed Jan 8, 2017
View reviewed changes
README.md
Still in the early stage, feel free to fork or contribute to HackMD.

Thanks for using! :smile:

[docker-hackmd](https://github.com/hackmdio/docker-hackmd)
---

Before you go too far, here is the great docker repo for HackMD.
Before you go too far, here is the great docker repo for HackMD.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't remove the trailing spaces, it's for line breaks.

README.md
HackMD lets you create realtime collaborative markdown notes on all platforms.
Inspired by Hackpad, with more focus on speed and flexibility.
HackMD lets you create realtime collaborative markdown notes on all platforms.
Inspired by Hackpad, with more focus on speed and flexibility.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't remove the trailing spaces, it's for line breaks.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

看起來是我編輯器會自動清理掉,已經先加回去了。

README.md
@@ -25,14 +25,14 @@ You can quickly setup a sample heroku hackmd application by clicking the button
[migration-to-0.5.0](https://github.com/hackmdio/migration-to-0.5.0)
---

We don't use LZString to compress socket.io data and DB data after version 0.5.0.
We don't use LZString to compress socket.io data and DB data after version 0.5.0.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't remove the trailing spaces, it's for line breaks.

README.md
We've dropped MongoDB after version 0.4.0.
So here is the migration tool for you to transfer the old DB data to the new DB.
We've dropped MongoDB after version 0.4.0.
So here is the migration tool for you to transfer the old DB data to the new DB.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't remove the trailing spaces, it's for line breaks.

@elct9620 elct9620 changed the title Add options to limit anonymous view note WIP: Add options to limit anonymous view note Jan 10, 2017
@elct9620
Copy link
Contributor Author

@jackycute 目前已經把權限補上,不過因為多了兩個權限需要討論一下 Icon 該用哪個比較恰當。

jackycute
jackycute reviewed Jan 10, 2017
View reviewed changes
lib/models/note.js
@@ -23,7 +23,7 @@ var logger = require("../logger.js");
var ot = require("../ot/index.js");

// permission types
var permissionTypes = ["freely", "editable", "locked", "private"];
var permissionTypes = ["freely", "editable", "locked", "private", "limited", "protected"];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would prefer the order from loose to tight, like:
freely, editable, limited, private, protected, locked

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok

public/js/index.js
@@ -2285,6 +2295,14 @@ function updatePermission(newPermission) {
label = '<i class="fa fa-hand-stop-o"></i> Private';
title = "Only owner can view & edit";
break;
case "limited":
label = '<i class="fa fa-hand-shield"></i> Limited';
title = "Signed people can view and edit"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For consistency, please use Signed people can view & edit

public/views/body.ejs
@@ -19,6 +19,8 @@
<li class="ui-permission-editable"><a><i class="fa fa-shield fa-fw"></i> Editable - Signed people can edit</a></li>
<li class="ui-permission-locked"><a><i class="fa fa-lock fa-fw"></i> Locked - Only owner can edit</a></li>
<li class="ui-permission-private"><a><i class="fa fa-hand-stop-o fa-fw"></i> Private - Only owner can view &amp; edit</a></li>
<li class="ui-permission-limited"><a><i class="fa fa-shield fa-fw"></i> Limited - Signed people can edit &amp; view</a></li>
<li class="ui-permission-protected"><a><i class="fa fa-hand-stop-o fa-fw"></i> Protected - Only owner can edit</a></li>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please re-order the permission from loose to tight, see above.

@jackycute
Copy link
Member

For more clearly to describe the new permissions, I would like to suggest some wording and icon:

  • limited: Signed people can edit & guest can't view
<span class="fa-stack" aria-hidden="true">
    <i class="fa fa-shield fa-stack-1x"></i>
    <i class="fa fa-circle-thin fa-stack-2x"></i>
</span>
  • protected: Only owner can edit & guest can't view
<span class="fa-stack" aria-hidden="true">
    <i class="fa fa-hand-stop-o fa-stack-1x"></i>
    <i class="fa fa-circle-thin fa-stack-2x"></i>
</span>

@jackycute
Copy link
Member

jackycute commented Jan 10, 2017
edited
Loading

Please also modify public/views/body.ejs for the stack icon.

@elct9620
Copy link
Contributor Author

2017-01-10 4 29 38

我覺得 stack 並沒有很統一的視覺效果,換其他方法處理會比較好。

P.S. 因為我認為視覺效果會有差異,所以就先沒有去修改 body 的部分。

@jackycute
Copy link
Member

hmm stack icon 確實比較寬胖,我再找找看好了 😢

@jackycute
Copy link
Member

How about:

  • limited: fa-exclamation-circle
  • protected: fa-umbrella

@elct9620
Copy link
Contributor Author

看起來可以接受,再不混淆的情況下這兩個算是蠻明確的 XD
來更新一下這部分⋯⋯

@jackycute
Copy link
Member

還有什麼值得注意的地方嗎?好像差不多可以 merge 了

@elct9620
Copy link
Contributor Author

目前看起來似乎沒有了,package.json 的版本號要跳到 0.6.0 還是用 0.5.1 就可以了?

@jackycute
Copy link
Member

只有一點點擔心那個 limited 用驚嘆號 icon 會不會被誤會

版本號的話要等 0.5.1 排定的 issue 都解了才會升級,請見 https://github.com/hackmdio/hackmd/milestone/10

@jackycute
Copy link
Member

limited icon 改用 fa-id-badge 或是 fa-id-card-o 怎麼樣? @elct9620

@elct9620
Copy link
Contributor Author

如果是要以 fa-id-badge 這一系列的話,也可以考慮 fa-user 之類的?

所以版本方面維持 0.5.0 嗎?還是放到 0.5.2 之類的?沒記錯貢獻指南有寫說要自己更新版本號

@jackycute
Copy link
Member

jackycute commented Jan 10, 2017
edited
Loading

fa-user 系列未來有可能用的到所以想保留,fa-id 系列有區隔性可以拿來用,主要看識別度有沒有比較高

版本號不用動沒關係,我會跟著 0.5.1 一起把這個 PR 釋出

@elct9620
Copy link
Contributor Author

Ok, 這樣的話我覺得 fa-id-card 這一系列的相對來說比較清楚。

@jackycute
Copy link
Member

摁,那就 fa-id-card 或是 fa-id-card-o 選一個跟其他權限圖示相似風格的吧,感謝 😄

@jackycute
Copy link
Member

Thanks @elct9620, let's merge this.

@jackycute jackycute merged commit a8068d3 into hackmdio:master Jan 10, 2017
@elct9620 elct9620 deleted the feature/disable_anonymous_view branch January 10, 2017 12:28
@elct9620 elct9620 changed the title WIP: Add options to limit anonymous view note Add options to limit anonymous view note Jan 10, 2017
@jackycute
Copy link
Member

I've made some changes in 5f65795 and 8b378d7

@jackycute
Copy link
Member

And also 86f0b10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jackycute jackycute jackycute left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@elct9620 @jackycute