Return-Path: X-Original-To: apmail-incubator-bloodhound-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-bloodhound-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D0F88EA10 for ; Tue, 22 Jan 2013 05:02:23 +0000 (UTC) Received: (qmail 10714 invoked by uid 500); 22 Jan 2013 05:02:23 -0000 Delivered-To: apmail-incubator-bloodhound-dev-archive@incubator.apache.org Received: (qmail 10357 invoked by uid 500); 22 Jan 2013 05:02:14 -0000 Mailing-List: contact bloodhound-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: bloodhound-dev@incubator.apache.org Delivered-To: mailing list bloodhound-dev@incubator.apache.org Received: (qmail 10312 invoked by uid 99); 22 Jan 2013 05:02:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2013 05:02:13 +0000 X-ASF-Spam-Status: No, hits=2.8 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS,URIBL_BLACK X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of olemis@gmail.com designates 209.85.223.174 as permitted sender) Received: from [209.85.223.174] (HELO mail-ie0-f174.google.com) (209.85.223.174) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2013 05:02:06 +0000 Received: by mail-ie0-f174.google.com with SMTP id k11so5212538iea.19 for ; Mon, 21 Jan 2013 21:01:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=ibzgXeXjTsGaE9ItxhGTWpHqxoLqZ0olzVlvm2YXmNY=; b=x0IjBqDIFPcPj01okP0SocqvRUZQVG01G3vNSXf7cR3rom1OW6AmtxytsasetRM9WG z6bHVnPun727wsXvBkaXq23UMNOWr4blqrztrgmpiiaYNCpdN7lhFqwswfJDLFwRsiRn F02+MZF2qbD4W/nCw0V7vidjS5won2+1fHXsupDS6sFsyJbNOYHvPVVbu6nZbjJPufMx uVBwpaPFVtBCzmji8kX8cLShH7AXdRshEEqS5scuILdDHewvJCppJYRmVQvugPJkh+GX 5IjaLwSmL8q3SZLJiAfb5HYnojoeMPoFilAyjNrznwxG4o6mY2j2zo5oZ1eRxYKvL1Zl h2dg== MIME-Version: 1.0 X-Received: by 10.50.222.201 with SMTP id qo9mr10777960igc.111.1358830905937; Mon, 21 Jan 2013 21:01:45 -0800 (PST) Received: by 10.50.1.44 with HTTP; Mon, 21 Jan 2013 21:01:45 -0800 (PST) Date: Tue, 22 Jan 2013 00:01:45 -0500 Message-ID: Subject: [BEP-0003] [RFC] Permissions in product scope From: Olemis Lang To: bloodhound-dev Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Hi everybody I've been thinking about how to deal with permissions in product context . AFAICS almost everything should work in a similar way with product environments . For instance, the same (store | policy | ...) components should serve to similar purposes in product scope. Given that product envs will have their own settings , and their own set of enabled components , it seems to me that we should keep the same flexibility under the new circumstances . The only major difference I see is related to TRAC_ADMIN permission. In global env this represent super-user role. There are no restrictions . When trying to translate that inside products this is what I think so far : 1. IMO we should include a new role (permission) , namely product admins (PRODUCT_ADMIN) 2. There is a difference between site admins (i.e. TRAC_ADMIN ) and product admins . The former are responsible for server resources, stability , security ... and similar critical tasks . OTOH only a subset of admin tasks may be delegated to product admins , and strictly in product scope. To make myself clear , TRAC_ADMIN(s) may install new plugins and configure DB connection whereas product admins may not , but they may configure a lot of settings (... not all ... e.g. DB connection is one such setting ) to customize components behavior . 3. We should come up with some mechanism to effectively delimit both scopes. 4. Product owner will always be PRODUCT_ADMIN. 5. Other users may be granted with PRODUCT_ADMIN permission explicitly. 6. Product admins will be granted with all other permissions (e.g. WIKI_MODIFY, TICKET_ADMIN, ...) in product scope. TRAC_ADMIN(s) super user rights will still be effective inside and beyond product boundaries . 7. At present components check for TRAC_ADMIN permission explicitly . Some checks might be true for product admins but others do not. 8. ... which leads to the question ... should we have a single admin area for both TRAC_ADMIN and PRODUCT_ADMIN with actions filtered considering permissions ? 9. Otherwise , should we offer two separate admin sections for each role (... and somehow deal with duplicated behavior ...) ? 10. Considering (2) it seems to me that product admins should not be aware of server-side paths ... 11. ... and thereby IMO for product admins path options should be either hidden or replaced with other controls (I'm thinking of something like trachacks:IniAdminPlugin) . 12. ... but product admins should have the freedom of managing repositories, maybe create new ones (e.g. empty repos , forks , patch queues ...) , o.O I wanted to gather some opinions before modifying BEP 3 and actually write some code about it . I'm focused on the requirements , not the actual solution . PS: There might be much more to consider , feel free to add more items to the list and/or fork the discussion to a separate thread for more focused insights on a particular subject . -- Regards, Olemis. Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article: