Comments (12)
Yes, audit is a permission role.
I didn't quite follow your comment about adding audit functionality. I added possibility to
change nomos scanner report result but 'Audit/Edit concluded license' are as they
exist in 2.6.x versions.
I just tried to make access to that functionality more user friendly.
This picture illustrate 'View License' when concluded license is not set.
Buttons are visible which indicates that this file has not been reviewed. Concluded license
can be set either selecting 'Edit concluded license' button or selecting 'Audit' from micromenu.
When the concluded license is set then buttons are not any more visible in 'View License'
view as shown in the picture below. However, the concluded license can be changed still
by selecting 'Audit' from micromenu.
By the way 'One-shot copyright/emailURL' option in micromenu is not logical. I think it
should be removed and if needed it can be selected from 'Upload' menu.
Br,
Raino
from fossology.
for item 1:
admin should have the audit permission, still have to add this specific permission(user)?
for item 3:
set concluded license on files, not understand very well.
files here means files with same licenses or one directory or any selected files on an upload, others?
for item 4:
still show concluded licenses even has audit licenses?
for item 5:
have to define Change license for license scanner/Concluded license/Audit license more clearly, possible will confuse users if not.
from fossology.
Item 1:
Currently if a user who has upload right he automatically has also right to edit (concluded) license.
From governance point of view it is ok that designers may have right to upload and scan packages but
license review is done by other people (license reviewers). I think Admin right should be reserved
for tool administrators. Therefore I propose a new permission level.
Item 3:
Hopefully attached picture clarifies this. In many case it is clear what the concluded license
on file level is, for example in case when only one license is detected by a scanner. In these
cases the concluded license could be selected directly from the 'List Files for License' view.
Item 4:
Selecting 'Edit concluded license' and 'Audit' open the same view. Maybe the names should be identical?
Item 5:
I agree. The naming could be different. Also adding this new permission level helps this
because then the ordinary user does not see these options (buttons) at all, only the reviewers who
should know the tool features better.
from fossology.
rlintu, thanks for your explanation.
I talked with bob on Tuesday on this issue.
from bob's perspective, audit is just a permission role, this role has the permission to change the license scanner report and edit conclude license, do not have to add audit functionality.
ideas?
from fossology.
from my previous point:
no audit features, just have audit roles (this role is able to do all the license review jobs), Audit micro-menu is not necessary because it is same as 'Edit concluded license'.
however, after I reading your comment above, your idea is more make sense to me, need talk with others. from bob's perspective, we need more more discussions from the whole team, it seems that the guys from siemens also have ideas on Audit.
-Larry
from fossology.
a lot has changed then, I am inclined towards closing the ticket, because while there is not a spcieal audit role, the edit and review support in the UI has much improved. Pushing back therefore and candidate for closing. Please speak up if parts of it should be still in or differently scheduled.
from fossology.
Lot of changes indeed. It is quite difficult to follow what is happening. About the original idea to separate rights to upload and schedule agents and right to set concluded license. How is that done now? Using group rights?
from fossology.
Now, it is like there is a read-access role and there is a read-write-access role (in addition to the admin role). Accordingly, there is is distinction between tasks. I think what is needed here is to have a comprehensive view, if we want to have something like more process oriented roles (Uploader / Customer, Clearing Expert, ...) which sounds good in general.
More feedback?
from fossology.
For 3.0 current permission setup is manageable, I mean give read-write permissions only few people and make clear instructions what to do and what you cannot do even you have rights to do.
For later releases I support your comment on process oriented roles. However, for 3.0 I would like to see this bug corrected
#524
from fossology.
Well, the global permissions like read-write do only affect the upload itself (e.g., the description), but not the decisions.
There are three permission levels within a group: User, Advisor and Admin. A [group] User can conclude license, but not change the assignee for an upload. An Advisor can also change the assignee or reject the clearing. A [group] Admin can additionally manage the permissions within the group.
A fourth group role, e.g. Observer, for those how cannot change the concluded license, might be good.
from fossology.
observer roles makes sense. I am not seeing this super urgent (hence 3.2.0 milestone) because in most cases, people should have an understanding about OSS licensing before using fossology. Please object if you do not agree.
from fossology.
actually catching up with this issue is difficult, so the only open point was opened here:
#1091
from fossology.
Related Issues (20)
- Search functionality for Software Heritage Page and search and filter functionality of file browser page is not working
- scancode fails HOT 3
- "Skip MimeTypes from scanning" Feature is Not Working HOT 2
- spdx2tv report generation failed with PHP Fatal error: Uncaught Error: Call to a member function getId() on null in /usr/local/share/fossology/spdx2/agent/spdx2.php:358
- Add more unit test cases for upload, group, license and folder APIs.
- Add more unit test cases for maintenance & upload tree APIs
- Failed to build Fossology docker image HOT 18
- Add unit test cases for Permissions, LicenseCandidate,Group , FileInfo, Decider, and Agent models.
- Scancode fails if started from License Browser Page
- Duplicate License-Entry for CMU-Mach
- Add support of version 2 for all possible controller test cases.
- Improve and add more test cases for models.
- nomos notes out of date
- Readmeoss report doesnt contain copyright and licenses for larger package HOT 3
- Export all the entries of the license list from the Fossology UI or Command line. HOT 2
- Bulk scan with "Scan files with findings" might miss relevant files HOT 3
- Fossology postinstall fails after restarting container
- Bug: FoScanner.py, "string indices must be integers" HOT 5
- Maintenance job is stuck forever in fossy versioin 4.4.0.63 HOT 7
- Error when running post installation script HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fossology.