File > Configure > Privacy Preview -- As a Data Owner, I want to create a differentially private view of my metadata so that anyone can see it

[djbrooke]

We should allow Data Owners to enable differentially private access for sensitive files that currently cannot be safely shared. This can be considered done even if the researcher cannot explore the differentially private metadata.

https://docs.google.com/presentation/d/1rPpaHNW-5QIskYvn_4afzXzU_wcdkZb2SjEDhpUhhLs/edit#slide=id.g26f2e4bd68_0_36

[mheppler]

Reviewed the workflow slides with @TaniaSchlatter this morning and will be adding mockups to this issue upon finalization.

[mheppler]

NOTE: Backend prerequisite, issue #4230

Here is an outline the proposed UI changes.

UI IMPACT

Dataset pg

• Configure > Privacy Preview, new "Configure" dropdown button will be added to each tabular file row in file table, and will also include current "Map" option for Geoconnect
• Privacy-Preserving Data Preview popup, info msg explaining PSI tool, links to PSI with Configure button
• Warning msg, "manual refresh..."

File pg

• Configure > Privacy Preview, new "Configure" dropdown button will be added to action button area at top of pg for tabular files
• Privacy-Preserving Data Preview popup, help msg explaining PSI tool, links to PSI with Configure button
• Warning msg, "manual refresh..."

NOTE: See issue #4234 for the rest of the workflow, which includes exploring the privacy preview in TwoRavens.

QUESTIONS

• Is the new Configure button for PSI (and Geoconnect) kosher?
• Is the Privacy-Preserving Data Preview popup title modular enough compared to the Configure dropdown option text?
• How do we get a success msg on the pg? Do we need a success msg (if TwoRavens handles the info msg and privacy preview selection)?

MOCKUPS

[pdurbin]

@matthew-a-dunlap please use branch 4230-4233-external-tool-psi. I will ping you if I want to re-merge my branch for #4230 into it.

[pdurbin]

@dlmurphy as we discussed I just merged 4233-PSI-data-owner into 4230-4233-external-tool-psi. I'll delete the former and when you are unblocked on the "TO BE ADDED" items, please use the latter.

[matthew-a-dunlap]

Question about the modular dropdown:

• Should we only show the psi tool option to logged in users?
• If there are no options in the dropdown (for example if the user is not logged in) should we hide the dropdown?

Other questions:

• Should clicking psi from the pop-up open a new tab instead of directing the current one?
• If the above is yes, I assume the warning message is then triggered on the dataverse page about refreshing?

@mheppler @TaniaSchlatter

[scolapasta]

Configure options will need to be not just for logged in users, but only if you have edit dataset permission. (As the result of the configure will call apis that edit)

[mheppler]

@matthew-a-dunlap Gustavo should have covered your first two button questions. Yes and yes for your "other questions". I can stop by if you'd like to talk through the workflow in more detail.

[matthew-a-dunlap]

Here is the list of code review feedback on the UI side of modular configure:

• The logic for what tools to show for a file should be moved out of the UI and instead be at creation of the list of handlers for the files.
  • Eventually we will likely add the file to the configurations themselves. At the moment we will only have infrastructure to write back in specific cases (e.g. psi fuzzy summary statistics) so file typing is less important. A comment will be left in the code about this
• Even if the handler list is well populated, passing the full list up front does not work for the UI from a lazy loading perspective
  • The one issue I (Matthew) see is that the datasetPage generates a giant list of all tools for all files on load of the page. While this is not passed to the UI it may be better to get the individual per-file lists as needed
• Make sure popup matches map logic on when to show buttons when dataverse is a widget (e.g. shown in an iframe)