Skip to content

notebooks: add additional sharing capabilities

Created by: novoselrok

Currently, notebooks have two visibility settings: public or private. Public exposes the notebook to everyone on the instance (and logged-out users on Cloud). Meanwhile, a private notebook is only available to its creator.

This severely limits the sharing capabilities of notebooks on Cloud, where you would like to share notebooks that contain private code only within your organization.

Following the example of search contexts and batch changes, we would like to introduce namespaces to notebooks. Each notebook would belong to either a user namespace or an organization namespace.

Summary of read and write permissions

User namespace

  • Public notebooks: everyone can access the notebook, only the creator can edit it
  • Private notebooks: only the creator can access the notebook, only the creator can edit it

Organization namespace

  • Public notebooks: everyone can access the notebook, only organization members can edit it
  • Private notebooks: only organization members can access it, only organization members can edit it

We have to decide if we want to handle changing the notebook namespace separately. If we follow the above rules, something like this could happen: a user (user A) creates a notebook under his namespace, then changes the namespace to an organization (org A) because he wants to share it with its members. Since everyone within the organization can edit the notebook, another organization member (user B) could transfer the notebook to his namespace and effectively "steal" the notebook from org A and user A. We could mitigate this by only allowing notebook creators to change notebook namespaces. In the previous example, only user A could change the namespace.

^ The above paragraph might be over-complicating things and I don't think its worth it to overcomplicate our permission for an unlikely scenario.

Work items:

  • Add namespace columns to the notebooks database table. Set the user namespace column to the creator column.
  • Update notebook database access permissions to account for new namespaces.
  • Update notebooks GQL API to return the namespace parameter for notebooks. Update write permissions check.
  • UI: add list tab for each organization.
  • UI: add share modal clickable prototype which contains the current private/public visibility settings and the new namespaces selector. Source Figma is here