> 7. At present components check for TRAC_ADMIN permission explicitly.
> Some checks might be true for product admins but others do not.

How should Trac know when that is the case? That can be quite complex and potentially brings inconsistent behavior.

I have in mind a slightly different solution that also has some drawbacks but provides consistent behavior:

- Site Admin has TRAC_ADMIN permission for the parent environment.
- Product Admin has TRAC_ADMIN permission for a specific product environment.
- A check for TRAC_ADMIN permission in a product environment should return True for Site Admin. IOW, Site Admin is also admin for all products.
- Site Admin UI has its own URL and is executed in the parent environment, e.g. http://bla/main/admin
- The functionality of the UI can be quite different from the Product Admin UI, e.g. user management must be part of this UI.
- Product Admin UI has its own URL and is executed in the product environment, e.g. http://bla/main/productX/admin
- Product Admin can assign product-specific permissions to a user but cannot CRUD users or change system-specific settings.
- The product environment should protect against changes to system settings and multi-product instances such as Users. For example, Product Admin (with TRAC_ADMIN permission on a specific product) cannot change the DB connection string. That can be tricky :)

I don't yet feel confident enough to say how this can be implemented. Maybe a kind of blacklist of system settings? Comment, please.

Regards, Andrej
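A minimal model of the scheme proposed in the message above, added here as an illustration and not taken from Trac or Bloodhound: the `Env` class, its methods and the entries in `SYSTEM_SETTINGS` are hypothetical. It shows the two rules that matter for privilege separation: TRAC_ADMIN flows from parent to product only, and blacklisted system settings are refused inside a product environment.

```python
# Hypothetical model of the proposed scheme; not the Trac/Bloodhound API.

# Assumed blacklist of (section, option) pairs that may only be changed
# in the parent environment; the entries are illustrative.
SYSTEM_SETTINGS = {("trac", "database"), ("trac", "base_url")}


class Env:
    """An environment: the parent (site) or one product under it."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.grants = set()   # (user, action) pairs granted in this env
        self.config = {}      # (section, option) -> value

    def grant(self, user, action):
        self.grants.add((user, action))

    def has_permission(self, user, action):
        # TRAC_ADMIN granted in this environment implies every action here.
        if (user, action) in self.grants or (user, "TRAC_ADMIN") in self.grants:
            return True
        # Site Admin rule: TRAC_ADMIN on the parent counts in every product.
        # Nothing is inherited upwards or sideways between products.
        if self.parent is not None:
            return (user, "TRAC_ADMIN") in self.parent.grants
        return False

    def set_option(self, user, section, option, value):
        if not self.has_permission(user, "TRAC_ADMIN"):
            raise PermissionError(f"{user} is not admin of {self.name}")
        # System settings are refused in a product environment, even for a
        # Site Admin: they are changed through the parent's admin UI only.
        if self.parent is not None and (section, option) in SYSTEM_SETTINGS:
            raise PermissionError(f"{section}.{option} is a system setting")
        self.config[(section, option)] = value


if __name__ == "__main__":
    # Constructed sample data.
    site = Env("main")
    product_x = Env("productX", parent=site)
    site.grant("siteadmin", "TRAC_ADMIN")
    product_x.grant("alice", "TRAC_ADMIN")
    print(product_x.has_permission("siteadmin", "TRAC_ADMIN"))
    print(site.has_permission("alice", "TRAC_ADMIN"))
```
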
