Return-Path: X-Original-To: apmail-incubator-bloodhound-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-bloodhound-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D44B1E6B1 for ; Tue, 22 Jan 2013 15:35:50 +0000 (UTC) Received: (qmail 35581 invoked by uid 500); 22 Jan 2013 15:35:50 -0000 Delivered-To: apmail-incubator-bloodhound-dev-archive@incubator.apache.org Received: (qmail 35505 invoked by uid 500); 22 Jan 2013 15:35:50 -0000 Mailing-List: contact bloodhound-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: bloodhound-dev@incubator.apache.org Delivered-To: mailing list bloodhound-dev@incubator.apache.org Received: (qmail 35489 invoked by uid 99); 22 Jan 2013 15:35:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2013 15:35:49 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.216.48] (HELO mail-qa0-f48.google.com) (209.85.216.48) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2013 15:35:44 +0000 Received: by mail-qa0-f48.google.com with SMTP id l8so5491804qaq.0 for ; Tue, 22 Jan 2013 07:35:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:x-gm-message-state; bh=98JI5C0VYRF++ZEZjmedOvigSypXXPhBXeG45K8NB9o=; b=KYvcuyDJYzThV8W9mgEVm1I3t2rducsomQxdhG12GXJsZ7I6dmE5MhKcsZja+hxSST vZSYLSiXHS2hsICyKJUSzejOu2Q51IbdkvhHnOMHi756UtbCP0o/9vhXwdWi9TVwS6Zb G7SQ8p8wZ9ZCqMOnhdeoCgXAyxeGvJd3odrjORbhJ7jSlT55bEHgVA88MLqqkVRs4sf7 mQhJVYpC+8t8TdPoF/CopL2tdSz1gXACtq0K30Zwz278jYRAyJsVsIfdcrI4HRslm/GT 3KQvDqafZeo8YS9PSdvK2K7eApio2PxIGQtwOw5udzIowkv1u0JBngWaLa4Saoj7dj3v nkMA== MIME-Version: 1.0 X-Received: by 10.224.33.140 with SMTP id h12mr24148149qad.73.1358868922942; Tue, 22 Jan 2013 07:35:22 -0800 (PST) Received: by 10.49.6.73 with HTTP; Tue, 22 Jan 2013 07:35:22 -0800 (PST) In-Reply-To: References: Date: Tue, 22 Jan 2013 16:35:22 +0100 Message-ID: Subject: Re: [BEP-0003] [RFC] Permissions in product scope From: Andrej Golcov To: bloodhound-dev@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQlJPFCvfrsRQys3oTUDKl8kpXMFPY6pucTYdEhfmkxUVZK6g7vNStvMNQ0O/z18xERCaAvh X-Virus-Checked: Checked by ClamAV on apache.org Let's take a use case. Do we want to allow a ProductAdmin to change workflow for the product and do we want to use existing plugins for this purposes? If the answer is yes, let's assume, that we decided to use TracWorkflowAdminPlugin [1] for this purpose. If we look in TracWorkflowAdminPlugin code [2] we can see: ... class TracWorkflowAdminModule(Component): implements(IAdminPanelProvider, ITemplateProvider, IEnvironmentSetupParticipant) ... # IAdminPanelProvider methods def get_admin_panels(self, req): if 'TRAC_ADMIN' in req.perm: yield ('ticket', dgettext("messages", ("Ticket System")), 'workflowadmin', _("Workflow Admin")) ... As far as I understand the code, (TRAC_ADMIN' in req.perm) should be True if we want the plugin working. So far, we discussed two possibilities how to solve the problem: - ProductAdmin has TRAC_ADMIN permission for product environment - ProductAdmin has PRODUC_ADMIN permission but in some circumstances ('TRAC_ADMIN' in req.perm) still returns True. For sure, there is possibility that I'm missing some important things. [1] https://trac-hacks.org/wiki/TracWorkflowAdminPlugin [2] https://trac-hacks.org/browser/tracworkflowadminplugin/0.12/tracworkflowadmin/web_ui.py