Dataverse: File > Configure > Privacy Preview -- As a Data Owner, I want to create a differentially private view of my metadata so that anyone can see it

Created on 25 Oct 2017 · 18 Comments · Source: IQSS/dataverse

We should allow Data Owners to enable differentially private access for sensitive files that currently cannot be safely shared. This can be considered done even if the researcher cannot explore the differentially private metadata.

https://docs.google.com/presentation/d/1rPpaHNW-5QIskYvn_4afzXzU_wcdkZb2SjEDhpUhhLs/edit#slide=id.g26f2e4bd68_0_36

All 18 comments

Reviewed the workflow slides with @TaniaSchlatter this morning and will be adding mockups to this issue upon finalization.

NOTE: Backend prerequisite, issue #4230

Here is an outline of the proposed UI changes.

UI IMPACT

Dataset pg

  • Configure > Privacy Preview, new "Configure" dropdown button will be added to each tabular file row in file table, and will also include current "Map" option for Geoconnect
  • Privacy-Preserving Data Preview popup, info msg explaining PSI tool, links to PSI with Configure button
  • Warning msg, "manual refresh..."

File pg

  • Configure > Privacy Preview, new "Configure" dropdown button will be added to action button area at top of pg for tabular files
  • Privacy-Preserving Data Preview popup, help msg explaining PSI tool, links to PSI with Configure button
  • Warning msg, "manual refresh..."

NOTE: See issue #4234 for the rest of the workflow, which includes exploring the privacy preview in TwoRavens.

QUESTIONS

  • Is the new Configure button for PSI (and Geoconnect) kosher?
  • Is the Privacy-Preserving Data Preview popup title modular enough compared to the Configure dropdown option text?
  • How do we get a success msg on the pg? Do we need a success msg (if TwoRavens handles the info msg and privacy preview selection)?

MOCKUPS

psi-dataset-configure

psi-privacy-preview-info-msg

psi-dataset-warning

@matthew-a-dunlap please use branch 4230-4233-external-tool-psi. I will ping you if I want to re-merge my branch for #4230 into it.

@dlmurphy as we discussed I just merged 4233-PSI-data-owner into 4230-4233-external-tool-psi. I'll delete the former and when you are unblocked on the "TO BE ADDED" items, please use the latter.

Question about the modular dropdown:

  • Should we only show the psi tool option to logged in users?
  • If there are no options in the dropdown (for example if the user is not logged in) should we hide the dropdown?

Other questions:

  • Should clicking psi from the pop-up open a new tab instead of directing the current one?
  • If the above is yes, I assume the warning message is then triggered on the dataverse page about refreshing?

@mheppler @TaniaSchlatter

Configure options will need to be not just for logged in users, but only if you have edit dataset permission. (As the result of the configure will call apis that edit)

@matthew-a-dunlap Gustavo should have covered your first two button questions. Yes and yes for your "other questions". I can stop by if you'd like to talk through the workflow in more detail.

This has taken longer than expected but is 90+% done. Here is the checklist: [removed and updated below]

Also, the Dataset configure dropdowns should use better logic to know if it has any entries, but this is not easily done with our hardcoding of map into the list, so I think it is best to defer it until geoconnect becomes a real modular option.

Discussed with Mike how the file page should have its own configure dropdown instead of being part of "edit". In light of this, I was able to majorly refactor my code and address concerns I had about reuse and efficiency. There are still outstanding issues tho:

  • [x] File page PSI popup width
  • [x] Dataset PSI popup is super weird (fixed by moving it out of the <li> tag).
  • [x] Dataset configure dropdowns blocked by edge of file table (Mike said he'd handle this one)
  • [x] Configure dropdown hide logic assumes psi is enabled no matter what
  • [x] Pull in develop or Phil's branch
  • [x] Make popup modular, not psi specific

Due to this change / refactor this was not completed. I plan to ask for help tomorrow.

The above checklist is up to date. I have started with the merge but have one outstanding question for Phil.

@mheppler this branch is ready for you to do your UI fixes. The one UI thing to note is that I have implemented the alert text to be fairly generic instead of what is in the mock-up above. As we move forward we could have an entry in our modular config for the text when there is an alert, but it seemed like there maybe should be more discussion before going this route. See below for a screenshot.

screen shot 2017-11-16 at 6 13 19 pm

I have started with the merge but have one outstanding question for Phil.

What's your concern, @matthew-a-dunlap ?

Improved style/format for message block and info popup for privacy-preserving preview on dataset pg.

Note: @dlmurphy -- I tried to revise the text that goes with PSI tool in the modular configure popup.

screen shot 2017-11-17 at 1 29 57 pm

@mheppler I've further revised the text for that popup. I've made it more about what PSI is and what it allows, since this will be many users' first exposure to it. I left out the info about how to use the tool, since the budgeter tool itself contains a thorough tutorial. It's up to you whether you want to include that hyperlink! It leads to a paper meant to explain PSI to a non-technical audience.

Privacy-Preserving Data Preview
Use the PSI Budgeter tool to create safe, privacy-preserving summary statistics for this data file. The tool protects data using the differential privacy framework. It allows you to introduce just enough noise into your summary statistics to ensure privacy while still allowing a useful (if blurry) window into the contents of your data. Dataverse users will be able to explore a preview of your data without any danger of exposing private information.

@dlmurphy @mheppler I'll add that text change in after finishing up this big merge.

I take that back, we moved those to the psi.json that is no longer in the project! So I can't update it hah.

There is an outstanding need to add exception handling to parseQueryString, which will be done on this branch instead of 4230.

Yes, @scolapasta @matthew-a-dunlap and I discussed this issue and #4230 this morning and we decided that since the issue about the UI is close to being done, we'll have a single pull request based on the branch 4230-4233-external-tool-psi that we'll put through QA.

On that branch I've been completing the work for #4230 and I just went to take a look at the GUI for this issue. Unfortunately, as of 553d8d4 I can't create a dataset. I'm getting javax.el.ELException: /dataset.xhtml @1188,163 rendered="#{DatasetPage.sessionUserAuthenticated and DatasetPage.canUpdateDataset()}": javax.ejb.EJBException and Caused by: java.lang.IllegalArgumentException: Cannot query permissions on a DvObject with a null id. I'm attaching the full stack trace. This is the code:

                <p:dialog header="#{configureFragmentBean.configurePopupToolHandler.externalTool.displayName}" widgetVar="configureToolPopup" modal="true" 
                        id="configureToolPopup" styleClass="smallPopUp" rendered="#{DatasetPage.sessionUserAuthenticated and DatasetPage.canUpdateDataset()}">

I was attempting to create the dataset in the root dataverse, if that matters.

create-dataset-in-root-553d8d4.txt

@matthew-a-dunlap said he'd take a look.

Here is the list of code review feedback on the UI side of modular configure:

  • [x] The logic for what tools to show for a file should be moved out of the UI and instead be at creation of the list of handlers for the files.

    • Eventually we will likely add the file to the configurations themselves. At the moment we will only have infrastructure to write back in specific cases (e.g. psi fuzzy summary statistics) so file typing is less important. A comment will be left in the code about this

  • [x] Even if the handler list is well populated, passing the full list up front does not work for the UI from a lazy loading perspective

    • The one issue I (Matthew) see is that the datasetPage generates a giant list of all tools for all files on load of the page. While this is not passed to the UI it may be better to get the individual per-file lists as needed

  • [x] Make sure popup matches map logic on when to show buttons when dataverse is a widget (e.g. shown in an iframe)