On 03/19/2013 04:09 PM, Andrew Bogott wrote:
> I'm starting to write the php code to create/delete groups and
> add/remove members, and I think I don't have all the info I need here.
> Can you run down an example or two? Specifically, I'm not clear how a
> given user is given membership in a specific group.

Any current member of the group can add a project user to the group, and the user who created the group gets automatically added.

Removing is an interesting question. I would say that anyone can remove oneself, and project admins can remove anyone; but that nobody can remove the last user. The service user itself is always a member of the group and can never be removed (and should probably not even be displayed in the interface).

Deleting a service group/user should be restricted to project admins. I'm not sure if we want to restrict service group/user *creation*. If we do, it has to be project admins.

> Also: If there's going to be a 1:1 relationship between service
> users and service groups, do we really need to keep track of service
> users in ldap at all? That is: if there's a 'local-superbot' group,
> then we can take for granted that there will be a 'local-superbot' user,
> right?

We can take it for granted, but the user nevertheless has to be there in LDAP for getent() to find.

Incidentally, the service user's primary group should be configurable in some manner, or at the very least fixed to a global-group that is distinct from humans'.

-- Marc

_______________________________________________
Labs-l mailing list
https://lists.wikimedia.org/mailman/listinfo/labs-l
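
The membership rules discussed in the message above, written out as authorization checks. This is an added example, not code from the thread or from the project: the `ServiceGroup` class, its method names and the sample users are hypothetical. It assumes that "the last user" means the last human member (the service user is implicit and not counted) and that a project admin may remove a member without belonging to the group.

```php
<?php
// Added illustration; class and method names are hypothetical.
final class ServiceGroup
{
    private $serviceUser;    // same name as the group (1:1 relationship)
    private $humans;         // human members; the service user is implicit (assumption)
    private $projectUsers;
    private $projectAdmins;

    public function __construct(string $name, string $creator, array $projectUsers, array $projectAdmins)
    {
        $this->serviceUser = $name;
        $this->projectUsers = $projectUsers;
        $this->projectAdmins = $projectAdmins;
        $this->humans = [$creator];   // the creator is added automatically
    }
    // What the interface lists: the service user is never shown.
    public function visibleMembers(): array { return $this->humans; }

    public function add(string $actor, string $target): bool
    {
        if (!in_array($actor, $this->humans, true)) return false;        // only current members may add
        if (!in_array($target, $this->projectUsers, true)) return false; // target must be a project user
        if (in_array($target, $this->humans, true)) return false;        // already a member
        $this->humans[] = $target;
        return true;
    }

    public function remove(string $actor, string $target): bool
    {
        if ($target === $this->serviceUser) return false;                // never removable
        if (!in_array($target, $this->humans, true)) return false;
        $isAdmin = in_array($actor, $this->projectAdmins, true);
        if ($actor !== $target && !$isAdmin) return false;               // self-removal or project admin only
        if (count($this->humans) === 1) return false;                    // nobody can remove the last user
        $this->humans = array_values(array_diff($this->humans, [$target]));
        return true;
    }

    // Deleting the service group/user is restricted to project admins.
    public function canDelete(string $actor): bool { return in_array($actor, $this->projectAdmins, true); }
}
// Constructed sample data: project users alice, bob, carol; carol is a project admin.
$g = new ServiceGroup('local-superbot', 'alice', ['alice', 'bob', 'carol'], ['carol']);
var_dump($g->add('bob', 'bob'));        // bob is not yet a member, so he cannot add himself
var_dump($g->remove('alice', 'alice')); // alice is the only human member
var_dump($g->add('alice', 'bob'));      // a current member adds a project user
var_dump($g->remove('bob', 'alice'));   // bob is neither alice nor a project admin
var_dump($g->remove('carol', 'alice')); // a project admin removes another member
```

The last-member check runs after the permission check, so a caller without rights learns nothing about group size from the refusal.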
