On 13 November 2013 08:44, Olivier Mauras <[email protected]> wrote: > On 2013-11-12 21:41, Olemis Lang wrote: > >> Unless I missed something or a regression has been introduced in /trunk >> that's exactly the case . This is enforced by the multi-product >> permission >> policy [1]_ >> >> I join you a screenshot that shows that it's not. > And to my understanding it is because of not returning the handler if "not > req.perm.has_permission('TRAC_ADMIN')" in the product admin. > By removing this check product panel admin becomes available to the owner > _without_ giving access to other admin panels. At least that's what my > tests are showing :) > > > Nevertheless there's a difference between Trac and product admin role . >> The >> former are site admins , i.e. they have access to the file system , sudo >> etc ... whereas the later only manage product resources e.g. tickets , >> wiki >> , ... If you could list all the instances we fail at doing so we'll be >> looking forward to improve them asap >> >> I see the repositories as a product ressource >
Agreed, I think that's common in production environments. - Joe > > they can ... >> >> Not really they can only link to a globally available repository... > which beats the product isolation. > > > ... but yes , there is a reason and it's due to the Trac vs product admin >> roles mentioned above . Trac repository connectors operate on repos cloned >> in the local file systems (or equivalent ;) therefore adding a new one >> happens outside the web site boundaries is more like a task of site admins >> >> I don't think this matters much. Even if the product owner doesn't have > access to filesystem this shouldn't prevent him to enter a path given to > him by the "bloodhound server admin" > > Regards, > Olivier >
