-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require selection of enable access request or adding Terms of Access for restricted files #8191
Comments
|
Thanks @TaniaSchlatter @sekmiller @scolapasta for discussing. The entry point from the terms tab is a bit challenging, since we display restricted file-related options to people who may not have restricted files, and introducing the validation into the workflow could add some confusion. Adding the validation when the entry point is at the file level is easier to implement because we are dealing with someone who is actively restricting a file. Some follow ups:
|
This needs the equivalent of "needs discussion." Any next steps need to be considered in the context of the multiple license work from DANS that's in the 5.10 release. |
For our discussion, there is no real interaction with multiple licenses. The validation rests solely on the presence of restricted files and request access or terms of access settings. If there are restricted files then the dataset must allow access requests or have terms of access provided. For new datasets we are setting request access to true and when a dataset owner restricts a file they will be presented a popup with request access checked. If they uncheck “request access” they must provide terms of access in order to restrict the file. That is, if they press “cancel” on the popup the file will not be restricted. Likewise on the edit terms page, if there are restricted files present, the save button for Edit Terms is inactive while “request access” is unchecked and terms of access are blank. If request access is checked or terms of access are provided then the save button is activated. For existing datasets that have restricted files but are not in compliance with the new requirement we haven’t done anything to bring them into compliance. What has been done so far is to give the owner of the dataset a banner at the top of the dataset which informs them that the dataset is out of compliance with the new requirement and includes a link that opens the Edit Terms page with the “request access” set to true. If they simply press save here that would bring the dataset into compliance. It would also, for published datasets create a new draft version which would have to be published. If they uncheck the request access they would have to enter terms of access in order to re-activate the save button. Also for datasets in draft that are not in compliance publishing is disabled along with most edit functions - except edit terms. |
Thanks @sekmiller. I've revised mockups based on 5.10. I also did a little research on accessibility and disabling buttons. We can review. |
There has not been any feedback from the community about issues requiring Terms of Access or Request Access, so I think we are clear from that perspective. |
FWIW: Having a Data Access Place should be fine. However, Datasets must now have either request access = true or have Terms of Access set. By default new Datasets should be created with request access = true and avoid the warning (the one known exception is if you have an old template that doesn't set it, but the DDI import could be another and should probably be it's own issue.) The 5.11 release notes include a query to find datasets that have this problem. @sekmiller would be able to confirm, but I think 5.12 then had a fix to avoid enforcing this constraint when there aren't any restricted files to apply it to. The work-around before then is to either temporarily restrict a file to turn these fields on in the UI so you can check enable access request, after which you can unrestrict the file, or to edit in the db. |
thanks @qqmyers yes, perhaps we need to look at the DDI import API yes, this is a bit out of date now, and thanks for clarifying we can get this in if Terms of Access are set, would it be set to 'custom'? |
re: would it be set to 'custom'? |
Ok thanks for clarifying @qqmyers , I was confused about the 'custom terms' versus the Terms of Access and Request Access = true. I understand now. We tested this and the Request Access is checked automatically when you add custom terms to the Dataset Terms in the current UI. What we don't understand is why this is needing to be checked for Datasets that have only files that are open access. We did test loading files but not enabling request access at the file level, and this doesn't appear to affect or override end-users access to the open files. The DDI Import API will need some thinking about how to fix this issue to not get the warning, but we will figure out another way to add this in our workflow (likely just updating the JSON to set the Request Access = true). @lubitchv knows more! :) |
and we will try 5.12 release - thanks for that tip @qqmyers |
Overview of the Feature Request
When a file is restricted, a popup appears that allows the user to add terms for accessing the restricted files or allows enabling an access request. The popup can currently be closed without making any changes. After some discussion in the multiple license PR (#7920 (comment)), I'd like to propose that either terms of access or request access must be added. I've added the reasoning below. It makes sense to me but I'd be interested to hear from other installations.
All of this being said, we need to do a better job of surfacing the terms during the data access process. Issue to follow on the presentation of terms to accessors, but I wanted to get this issue in as it's pretty neatly scoped (hopefully ;)).
What kind of user is the feature intended for?
(Example users roles: API User, Curator, Depositor, Guest, Superuser, Sysadmin)
Curator, Depositor, Superuser
What inspired the request?
Discussion in the multiple license PR, linked above. This is related but not within the scope of the license work.
What existing behavior do you want changed?
See above, but the general idea is that our current behavior provides the opportunity to upload data with no real way to get at it, and we're all about data sharing! :)
Any brand new behavior do you want to add to Dataverse?
See above, some extra validation!
Any related open or closed issues to this feature request?
#7691 is related. It covers this and also dips in the license requirement.
The text was updated successfully, but these errors were encountered: