Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Let each permission refine its algorithms and store data. #66

Merged
merged 4 commits into from
Apr 8, 2016
Merged

Let each permission refine its algorithms and store data. #66

merged 4 commits into from
Apr 8, 2016

Conversation

jyasskin
Copy link
Member

domenic
domenic reviewed Mar 11, 2016
View reviewed changes
index.html
@@ -244,9 +269,71 @@
</dt>
</dl>
<p>
The <code>PermissionName</code> enum defines the list of known
permission names.
Each enumerator-value in the <a>PermissionName</a> enum identifies a
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

enumerator-value is a weird term I've never heard before. Is it a C++ thing? Prefer "enumeration value" or "enum value".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a funny mix of C++ and WebIDL. Oops. Fixing.

@jyasskin
Copy link
Member Author

I think this is ready for a serious look now, @marcoscaceres @mounirlamouri. Feel free to tell me to split it up into a couple different PRs.

domenic
domenic reviewed Mar 11, 2016
View reviewed changes
index.html
A <dfn data-export="">permission request algorithm</dfn>
</dt>
<dd>
Takes the previously-stored <a>permission storage type</a>, an
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This paragraph needs a few "instance of"s inserted as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@jyasskin jyasskin force-pushed the allow-choosers branch 3 times, most recently from ba01b3a to 4fe83ad Compare March 11, 2016 22:50
@jyasskin
Copy link
Member Author

See https://rawgit.com/jyasskin/web-bluetooth-1/permission-api/index.html#permission-api-integration for the beginning of Web Bluetooth's use of these new hooks.

@raymeskhoury
Copy link
Collaborator

Hey Jeffrey, a few random thoughts (some are not solely related to your edits):
-It initially hard to see which parts were external/exposed APIs vs internal constructs. e.g. PermissionDescriptor and PermissionStatus are external JS APIs - they must be complied with precisely whereas PermissionStorage is merely meant to help define storage behavior. Would it be helpful to draw a more clear line between those two groups?
-I also found it a bit hard to draw the distinction between required and recommended behaviors. It seems as though there should be room for UAs to handle permissions in ways that are outside of those currently specified behavior (for example, we have policy settings in Chrome that can override permissions). I don't think this is directly related to your edits.
-In relation to the above two points, perhaps a top-down restructuring of the spec could be helpful? External APIs and high level, required behaviors specified first and per-API behaviors, more subtle recommended behaviors, implementation details, etc. specified after? I'm no spec writer though :)
-I didn't think we were going to draw a distinction between an origin-based and embedding-based permission storage identifier instead leaving it up to the UA. I just pinged Mounir asking about this because we had chatted about it earlier. If it turns out to be the case does the permission storage identifier need to vary per-permission?

@jyasskin
Copy link
Member Author

Thanks for the comments!

It initially hard to see which parts were external/exposed APIs vs internal constructs. e.g. PermissionDescriptor and PermissionStatus are external JS APIs - they must be complied with precisely whereas PermissionStorage is merely meant to help define storage behavior. Would it be helpful to draw a more clear line between those two groups?

Yeah. The traditional way to distinguish these would be to avoid describing PermissionStorage in IDL. However, that loses IDL's precision about what's stored, which I think is helping Bluetooth (I should be able to show you that tomorrow). I left a note saying PermissionStorage isn't exposed, but if you have other suggestions, I'm happy to take them.

I also found it a bit hard to draw the distinction between required and recommended behaviors. It seems as though there should be room for UAs to handle permissions in ways that are outside of those currently specified behavior (for example, we have policy settings in Chrome that can override permissions). I don't think this is directly related to your edits.

Right, I think that's pre-existing. In most cases, I think we can say "the UA may customize the permission prompt, including auto-granting and auto-denying it" and "the UA may revoke at any time", and that's enough? I'd like to fix that in a separate PR, to keep this one from growing much more.

In relation to the above two points, perhaps a top-down restructuring of the spec could be helpful? External APIs and high level, required behaviors specified first and per-API behaviors, more subtle recommended behaviors, implementation details, etc. specified after? I'm no spec writer though :)

Probably. Again, I want to keep rearrangements separate from the API extension.

I didn't think we were going to draw a distinction between an origin-based and embedding-based permission storage identifier instead leaving it up to the UA. I just pinged Mounir asking about this because we had chatted about it earlier. If it turns out to be the case does the permission storage identifier need to vary per-permission?

Yeah, if it's always PermissionName + origin + UA-specific data, I think we can drop the identifier hook. I'll let Mounir confirm and then do that in my next update.

@beaufortfrancois beaufortfrancois mentioned this pull request Mar 15, 2016
Closed
@jyasskin
Copy link
Member Author

The identifier hook is gone. PTAL.

This was referenced Mar 22, 2016
Closed
Closed
@mounirlamouri
Copy link
Member

At a high level I agree with the changes here. Though, it's a very large CL and I can't realistically review this. Could you split this in a few parts:

  • the commit that export the retrieve a permission (CC @tobie)
  • the PermissionStorage definition
  • the rest of the changes (I might ask you to split more but at least, I will have a better visibility -- keep the commits separated, it might be easier)

Also, could you remove tidy changes? It seems that we have issues with your tidy runs getting other results than mine. You are not the first person. I would like to figure this out before every one changes the spec to match its own tidy runs.

@jyasskin jyasskin force-pushed the allow-choosers branch 3 times, most recently from 6112fbb to e3666ca Compare March 23, 2016 23:17
@jyasskin
Copy link
Member Author

Ok, I've split out a bunch of separate PRs that build on each other. I haven't yet undone the Tidy changes, and I've squashed the remaining changes in this PR since the individual commits were getting incoherent.

@tobie
Copy link
Member

tobie commented Mar 23, 2016

I haven't yet undone the Tidy changes

OK, sorry for bitching in the other PR, then. :/

@jyasskin
Copy link
Member Author

I've noticed that PushMessagingPermissionContext::DecidePermission checks for requesting_origin == embedding_origin, which doesn't fit into the current permission request algorithm arguments.

If it's ok with you folks, I'd like to get the current PR merged, and then fix up details like this in subsequent smaller patches.

@jyasskin jyasskin mentioned this pull request Mar 29, 2016
Merged
@jyasskin jyasskin mentioned this pull request Apr 1, 2016
Closed
jyasskin and others added 4 commits April 5, 2016 06:52
@jyasskin
Define a PermissionStorage type for each permission to store data with.
62e24ce 
This is separate from the PermissionStatus that gets returned to users and from
the PermissionDescriptor that users query the permission with.
@jyasskin
Make it clearer that PermissionStorage isn't exposed to JS.
0af8292
@jyasskin
Let each permission refine its query and request behavior.
12b5ce5 
This defines a "permission" as a collection of types and algorithms used to
manage and store information about a user's consent to use platform
capabilities.
@jyasskin
Add defaults for permission types and algorithms, and rename "binary"…
586fdaa 
… to "boolean".
@jyasskin jyasskin merged commit 586fdaa into w3c:gh-pages Apr 8, 2016
@jyasskin jyasskin deleted the allow-choosers branch April 8, 2016 22:01
jyasskin added a commit to jyasskin/permissions that referenced this pull request Apr 17, 2016
@jyasskin
Rename the "associated PermissionDescriptor" to the "permission descr…
24a8284 
…iptor type".

As requested in w3c#66.
@jyasskin jyasskin mentioned this pull request Apr 17, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jyasskin @raymeskhoury @mounirlamouri @tobie @domenic