Public bug reported:
I had an idea about rounding out the Mailman permissions model,
interested in hearing thoughts on it. Obviously there has been
considerable discussion on this topic before.
Mailman already carries much of the information needed for determining user
permissions to Mailman resources. Only two things are missing: 1: the ability
to define a user as being a “serverowner”
2: the ability to define a user as being a “domainowner”
(You’ll need to look at this email in plain text to see the table
properly).
The Mailman permissions model currently looks like this:
resource_type roles resource_id user_identifier where
to find permission
---------------------------------------------------------------------------------------------------------
user userowner n/a UUID
(defined in user record)
list listowner list_id subscriber
(defined in list member record)
list listmember list_id subscriber
(defined in list member record)
list listmoderator list_id subscriber
(defined in list member record)
list listnonmember list_id subscriber
(defined in list member record)
I am suggesting adding two further permissions to the existing
permissions model, which would look like this:
resource_type roles resource_id user_id where
to find permission
---------------------------------------------------------------------------------------------------------
server serverowner n/a UUID (not
currently defined in Mailman)
domain domainowner mail_host UUID (not
currently defined in Mailman)
To implement, it would need to be possible to define as user as being a
‘serverowner’, and also to be able to define a user as being a ‘domainowner’
for any given domain. It should be possible to define multiple user with the
serverowner role and it should be possible to define multiple users with the
domain owner role.
If it were possible to do so within the Mailman core then there would be
a completely usable permissions model entirely within Mailman, and no
need to store any additional permissions data outside Mailman. The
permissions model would allow definition of user access to any Mailman
resource including domains and servers.
The interpretation of the permissions would still be up to the
application that consumes the REST API, as is currently the case.
There would need to be methods available via the REST API to:
set domainowner role for a user
set serverowner role for a user
delete domainowner role from a user
delete serverowner role from a user
find if a specific user holds domainowner
find if a specific user holds serverowner role
find all domainowners for a domain
find all serverowners
** Affects: mailman
Importance: Undecided
Status: New
** Tags: enhancement mailman3
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1423756
Title:
Ability to define user as domainowner or serverowner
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1423756/+subscriptions
_______________________________________________
Mailman-coders mailing list
[email protected]
https://mail.python.org/mailman/listinfo/mailman-coders
