[ABTEST-485] Editor and publisher roles should have permission on ABn Testing Created: 07/Jun/21  Updated: 16/Jul/21  Resolved: 14/Jun/21

Status: Closed
Project: A/B Testing
Component/s: None
Affects Version/s: None
Fix Version/s: 1.0

Type: Story Priority: Neutral
Reporter: Nguyen Phung Chi Assignee: Chuong Doan Huy
Resolution: Fixed Votes: 0
Labels: VN-Analysis, VN-Implementation, VN-Testing
Remaining Estimate: 0.25d
Time Spent: 2.8d
Original Estimate: Not Specified

Attachments: PNG File image-2021-06-08-10-13-59-799.png    
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Documentation update required:
Yes
Epic Link: ABn GA tasks
Sprint: Content Mngmt 5, Content Mngmt 6
Story Points: 5

 Description   

Situation

At the moment, only superuser can:

  • view the list of ABn Test in ABn Testing app
  • create an new ABn Test

There are "editor, "publisher" roles installed by default in Magnolia.

Any users with those roles, they have access to Pages app, but if there is an AB Test setup on any page, they got error when access Pages app because a page is linked to an AB test which they have no access to ABn Testing workspace:

To setup an AB test that targeting specific audience (Segment), those users also need to have permission on Segments workspace. For instance, eric user can't see anything on Segments app at the moment.

Expected result

  • The existing users with "editor", "publisher" roles should see the ABn Testing status in Pages app
  • Have a separate ab-tester role for Admin 

Solution

  1. Grant ReadOnly permission on ABTesting (Segments check) workspace to "editor", "publisher" roles 
  2. Create a new role named "ab-tester" which provides to clients a convenience way to have user with a minimal permission to create and start AB test.
    Here are some permissions needed:
    • Read/Write on any sub-nodes from "/" on Website workspace
    • Read/Write on any sub-nodes from "/" on AB testing workspace
    • Read/Write on any sub-nodes from "/" on Segment workspace
    • Read/Write on any sub-nodes from "/" on Personas workspace
    • Read/Write on any sub-nodes from "/" on Dam workspace
    • ReadOnly on selected node "/ab-tester" on userRoles workspace
    • Web access on " * " with Get & Post
  3. Also allow this role to see "Target" group in config.appLauncherLayout.groups.target because the existing "editor" role doesn't able to see the group (mean can see ABn Testing app)
  4. Check the Read permission in TestStateColumnDefinition#apply (line 98) and {{HasRunningABTestRule#isAvailableFor }}(line 46) to avoid blocking exception in Pages app (users unable to expand the page tree)

Dev notes

Implement by using AddPermissionTask in ABTestingVersionHandler class 

Using PermissionUtil.isGranted(ABRepositoryConstants.WORKSPACE, "/", Session.ACTION_READ) to check permission

 


Generated at Sun Feb 11 22:56:42 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.