incubator-bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Olemis Lang <ole...@gmail.com>
Subject Re: [BEP-0003] [RFC] Permissions in product scope
Date Tue, 22 Jan 2013 15:50:14 GMT
On 1/22/13, Joachim Dreimann <joachim.dreimann@wandisco.com> wrote:
> I'm a bit concerned about the complexity of some of those suggestions. I
> think they should be:
>
> 1. Product owner(s) === PRODUCT_ADMIN;

IMO , multiple users may manage a single product . Product admin
permissions are implicit .

> 2. Administration area is the same for all admin levels, just filtered by
> permissions.

This is exactly the point . Now in order to access admin area user
should be granted with TRAC_ADMIN permission . In turn this also means
that (s)he has unlimited power to do anything we can imagine . That's
ok for site admins but unacceptable for product admins .

> 3. Product owners have control over the product, not the environment (as
> Olemis suggested).
>

+1

> I believe it should be our goal to take more of the functionality of the
> 'admin' screens (especially the Ticket System section) and display them in
> the regular UI itself.
>

This may be a nice approach to make a difference between both roles ,
and effectively ban product admins out of /admin area . My previous
reasoning (i.e. regular assertions in product scope like
perm.require(TICKET_MODIFY) always evaluating to true) would be
consistent with this approach . Nonetheless this represents an extra
effort by rewriting all this , not to mention plugin admin panels.

I'm sympathetic to this approach

-- 
Regards,

Olemis.

Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/

Featured article:

Mime
View raw message