incubator-bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Dreimann <joachim.dreim...@wandisco.com>
Subject Re: [BEP-0003] [RFC] Permissions in product scope
Date Tue, 22 Jan 2013 20:45:35 GMT

On 22 Jan 2013, at 15:50, Olemis Lang <olemis@gmail.com> wrote:

> On 1/22/13, Joachim Dreimann <joachim.dreimann@wandisco.com> wrote:
>> I'm a bit concerned about the complexity of some of those suggestions. I
>> think they should be:
>> 
>> 1. Product owner(s) === PRODUCT_ADMIN;
> 
> IMO , multiple users may manage a single product . Product admin
> permissions are implicit .

I believe this should be explicit ( -> obvious who has permissions). If multiple users
administrate a product, then multiple users should be listed as product owners.

> 
>> 2. Administration area is the same for all admin levels, just filtered by
>> permissions.
> 
> This is exactly the point . Now in order to access admin area user
> should be granted with TRAC_ADMIN permission . In turn this also means
> that (s)he has unlimited power to do anything we can imagine . That's
> ok for site admins but unacceptable for product admins .
> 
>> 3. Product owners have control over the product, not the environment (as
>> Olemis suggested).
> 
> +1
> 
>> I believe it should be our goal to take more of the functionality of the
>> 'admin' screens (especially the Ticket System section) and display them in
>> the regular UI itself.
> 
> This may be a nice approach to make a difference between both roles ,
> and effectively ban product admins out of /admin area . My previous
> reasoning (i.e. regular assertions in product scope like
> perm.require(TICKET_MODIFY) always evaluating to true) would be
> consistent with this approach . Nonetheless this represents an extra
> effort by rewriting all this , not to mention plugin admin panels.
> 
> I'm sympathetic to this approach
> 
> -- 
> Regards,
> 
> Olemis.
> 
> Blog ES: http://simelo-es.blogspot.com/
> Blog EN: http://simelo-en.blogspot.com/
> 
> Featured article:

Mime
View raw message