Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How should we manage ARIA-AT App roles? #436

Closed
s3ththompson opened this issue May 20, 2021 · 5 comments
Closed

How should we manage ARIA-AT App roles? #436

s3ththompson opened this issue May 20, 2021 · 5 comments
Labels
process Related to processes for governing and managing the ARIA-AT project Requirements Specified Applied after community group consensus has been reached on an issue.

Comments

@s3ththompson
Copy link
Member

s3ththompson commented May 20, 2021
edited
Loading

Currently, ARIA-AT App manages user logins with GitHub Oauth and user roles by checking membership of specific GitHub teams under the w3c org. Testers, admins, and developers must be added to the appropriate w3c team for the app to grant them the correct permissions. Unfortunately, due to how GitHub teams work, team members must first be added to the team's parent org.

When we last onboarded users for the pilot test, these teams (and the ARIA-AT App repo) were still under the bocoup org and the process for adding users was (relatively) lightweight. Now that the repo and teams live under the w3c org, we need to contact the appropriate person at the w3c to manually add new users to the w3c GitHub org before we can add them to the correct team. This is unnecessary overhead and potentially a misuse of w3c org membership.

More broadly, it would be great to revisit our working mode criteria for testers. Is there any way to reduce the number of obstacles for contributing test results?

Here are a few different options:

  • We create an ARIA-AT GitHub org, just for the purpose of managing user roles via team membership
  • We move user roles to an alternative (perhaps file-based) allowlist. This file could live in the repo, on the wiki, or somewhere else.
  • We keep roles under W3C org teams, but only for admins. We allow any motivated tester to log into the app (with a softer requirement to seek help from the community group before contributing results.)

This issue was uncovered while working on #421 with @AlyssaGourley.
@s3ththompson s3ththompson added Agenda+App Development For discussion during the next teleconference related to development of the ARIA-AT App Agenda+Community Group To discuss in the next workstream summary meeting (usually the last teleconference of the month) process Related to processes for governing and managing the ARIA-AT project labels May 20, 2021
@alflennik
Copy link
Contributor

alflennik commented May 20, 2021
edited
Loading

We keep roles under W3C org teams, but only for admins

That's a nice solution! After all, admins still will get a chance to review any content testers create, so little damage can be done. I'll be curious to hear what others think today.

@s3ththompson s3ththompson mentioned this issue May 27, 2021
Closed
@s3ththompson
Copy link
Member Author

Per our conversation in the last meeting, we will keep Admins managed under w3c teams, but implement an alternative allowlist for Testers.

To begin, this could be a list that is maintained as part of the w3c/aria-at repo (either a wiki page or a checked-in allowlist). In the long run, we should consider an in-app approval mechanism which would greatly improve UX and make it easier for Testers to request the right permissions. See tracking issue on the ARIA-AT App repo here: w3c/aria-at-app#300

@s3ththompson s3ththompson added the Requirements Specified Applied after community group consensus has been reached on an issue. label May 27, 2021
@mcking65
Copy link
Contributor

@s3ththompson
Can we remove the agenda labels now? or, do we need more discussion?

@s3ththompson s3ththompson removed Agenda+App Development For discussion during the next teleconference related to development of the ARIA-AT App Agenda+Community Group To discuss in the next workstream summary meeting (usually the last teleconference of the month) labels May 27, 2021
@s3ththompson
Copy link
Member Author

@mcking65 oops, I meant to do that and somehow missed them. Done.

@s3ththompson
Copy link
Member Author

Closed by w3c/aria-at-app#304, to be documented in #420.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
process Related to processes for governing and managing the ARIA-AT project Requirements Specified Applied after community group consensus has been reached on an issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@s3ththompson @alflennik @mcking65