As @theprogram said, I believe we need an admin to investigate what FAS groups are associated with the ‘Fedora Magazine’ and determine what FAS groups have access to it.
We wish to use the topic to track the article through our workflow. Since each user opening a topic should have a FAS account and have signed the FPCA it seems like being a ‘fedora contributor’ would an adequate requirement. But, knowing next to nothing about how Discourse handles SIG, TLs, etc. I’m working in the dark.
Our problem arises when we need to transfer/reassign the topic to a new “owner”. This happens when someone new takes over an article or when an editor must open the topic for the writer.
Looking at Fedora package for step-ca from smallstep and trying to assign the topic to “sdgathman” I get the response “No matches found”
Checking his FAS settings I see “Fedora Project Contributor Agreement” appears to be signed for “sdgathman”.
Is there a refresh step I need to take? Or perhaps “fedora-contributor” in Kerberos isn’t “linked” to the contributors that Discourse knows about?
With some of our systems, even with a Fedora account, one must log in to said system one time for the user data to populate that system.
Is sdgathman on Discourse as well as Fedora Accounts?
I don’t think this has anything to do with fedora-contributor. Also, sdgathman is member of fedora-contributor according to Discourse. So the link from FAS to Discourse is there with regards to fedora-contributor
I still think you should go for the TL issue and test that, at least to exclude it: at the moment, you seem to work mostly with assumptions. It might be useful to exclude some. That said, at this time we can say, if assigning is limited to a TL, then it is TL3+, not TL2+. Someone at some time has locked @rlengland and @glb at TL3. So maybe there is a reason for that: it could be this one, because there are other ways to give you access to a team space. So that might be an explanation for both.
If I was admin without a documentation of why things are configured the way they are, I would not change settings without verifying + (dis)proving assumptions as far as possible, and it should be easy to test if TL3 is a positive correlation or not (unless you know for sure someone with TL2 you have already assigned something?). If we could prove this is always a positive correlation, we have something concrete for the admin to change in order to then test it.
Or alternatively, I can set sdgathman temporarily to TL3: then we can see if you can assign them something then. But I would do that when we are both here so that I can remove the TL3 immediately again after the test. That way, we can prove it easily.
Are you available the next 20 minutes @rlengland or @glb ?
Addition, concerning groups, and I am now talking from the data Discourse is working with (so data that was already transferred from FAS to Discourse; I retrieve it from Discourse): sdgathman [1] differs from rlengland [2] only in the following ways:
[1] is in “packager”, [2] is not.
[2] is in “magazine-editors”, [1] is not.
[2] is TL3, [1] is not.
[1] is in fedora-contributor, [2] is not (!).
I have to leave for about 20 minutes, I leave them TL3 for now. You might try again in 15 minutes. I don’t think the system needs more time to synchronize, but give it a few minutes, just in case. Then I would remove the TL3 again in 20 minutes.
Didn’t work out I assume? (I didn’t remove the TL3 yet)
Supplement: I am not sure if a re-test after 15 minutes or so has been done, so I leave them TL3 for the next two hours, so that you can test again if you want to verify. I will remove the TL3 in 2 hours when the bookmark reminds me
Reviewing the screenshot of the suggested people to assign, I wonder that all people that are shown at first glance in the “suggested list” are people I know and who are part of additional groups here. Maybe assignment is possible if someone is member of any specific group, such as ANY OF “staff” OR “magazine-editors” OR “moderators” (it might be also only magazine-editors and only any one of the other two*). This definition is based on the shown names of the screenshot (I am aware that’s not all possibilities of the list at all), and it is derived from the data about the groups the “suggested users” have in common and not in common, but excluding the groups those have who are NOT in the list (such as sdgathman).
* So those I know from the list are all either magazine-editors OR both staff & moderators, but I removed packager and fedora-contributor from the possibilities as sdgathman is not in the list while he has these two memberships.
Anyway, I can then only refer this to @kevin , @nb or @mattdm , and mention that it is not a trust level problem as we verified that some TL3 work and others don’t, and reference the information about group memberships above in this post and above in another post, just to avoid double-work. Let’s see if anyone finds time to work on this.
Others have attempted what we are trying and commented on their experience here:
It was stated in that series of comments that the default group is “staff” and that setting assign allowed on groups to trust_level_0 would allow anyone to be assigned to topics.
That mostly makes sense when put in contrast to the groups of those who can and cannot be assigned something. But I assume this has been already modified on our side, and now it likely is “staff” OR “magazine-editors” (as you and Richard are magazine-editors, but neither mod nor staff). Alternatively “our behavior” would comply to EITHER “staff” OR (“magazine-editors” AND TL3). A site admin might adjust this quickly once one has time, if that is the whole issue.
Does it maybe make sense to use TL1 as entry barrier? A user should maybe at least invest the basic 10 minutes to get TL1 before getting any privilege? Just a thought, your decision of course
Yes. I wish the setting did not grant any privilege, but unfortunately, if I’m understanding correctly, it does. It might grant them the ability to see that “Assign” button at the bottom of posts and use it. I wish there was a setting that would only set to whom topics could be assigned without granting any privilege to the target group.
I’ll reattempt the TL3 test now …
