(Replying to myself more as a log of ideas :))

On Sat, Jan 13, 2007 at 07:31:08PM +1100, Alec Thomas wrote:
> Once the permissions are more uniform, we can begin removing the
> reliance on having a permission for each action on each object and move
> to a small set of permissions:
> 
>     VIEW
>     CREATE
>     DELETE
>     MODIFY
>     APPEND
>     ATTACH
>     GRANT (maybe? for allowing a user to grant other users non-ADMIN permissions)
>     ADMIN (all of the above)
>
> The only slight "wart" is that the module itself defines the
> permissions, even of things like ATTACH which perhaps should be defined
> in other modules, but perhaps not. I think this is difficult to avoid
> though, because the attachment module and its parent are co-reliant.

To make this work we'll need to have "sub-realms" for each realm that
supports attachments.

e.g.

    wiki
    wiki//attachment
    ticket//attachment

    (or whatever syntax is decided on for separating contexts/realms)

That way a user can individually grant attachment permissions on
different parent objects. Actually, thinking about it, this will
alleviate the need for an ATTACH permission altogether, as "CREATE" in
the wiki:attachment security realm would provide this permission.

-- 
Evolution: Taking care of those too stupid to take care of themselves.
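
Added example, not part of the original message and not Trac code: a minimal deny-by-default policy store showing how CREATE in a parent's attachment sub-realm stands in for ATTACH, and how GRANT stays limited to non-ADMIN permissions. All names (`Policy`, `delegate`, `can_attach`, the `//` separator) are hypothetical, and the absence of inheritance from parent realm to sub-realm is an assumption the thread does not settle.

```python
# Added illustration, not Trac code. All names here are hypothetical.
SEP = "//"  # placeholder; the post leaves the separator syntax undecided
ACTIONS = {"VIEW", "CREATE", "DELETE", "MODIFY", "APPEND", "GRANT"}  # no ATTACH


def sub_realm(parent, child="attachment"):
    return parent + SEP + child


class Policy:
    def __init__(self):
        self._grants = {}  # (user, realm) -> set of actions held

    def grant(self, user, realm, action):
        """Bootstrap grant made by the site operator."""
        if action != "ADMIN" and action not in ACTIONS:
            raise ValueError("unknown action: %r" % action)
        self._grants.setdefault((user, realm), set()).add(action)

    def allowed(self, user, realm, action):
        # Exact realm match only (assumption): nothing held on "wiki"
        # leaks into "wiki//attachment", so the default is deny.
        held = self._grants.get((user, realm), set())
        return "ADMIN" in held or action in held

    def delegate(self, granter, user, realm, action):
        """GRANT lets a user pass on non-ADMIN permissions in one realm."""
        if action == "ADMIN" or not self.allowed(granter, realm, "GRANT"):
            raise PermissionError(
                "%s may not grant %s on %s" % (granter, action, realm))
        self.grant(user, realm, action)


def can_attach(policy, user, parent):
    # ATTACH on the parent becomes CREATE in its attachment sub-realm.
    return policy.allowed(user, sub_realm(parent), "CREATE")


def demo():
    p = Policy()
    p.grant("alice", sub_realm("wiki"), "ADMIN")   # constructed sample users
    p.grant("bob", "ticket", "ADMIN")
    p.delegate("alice", "carol", sub_realm("wiki"), "CREATE")
    return {"carol_wiki": can_attach(p, "carol", "wiki"),
            "carol_ticket": can_attach(p, "carol", "ticket"),
            "bob_ticket": can_attach(p, "bob", "ticket")}


if __name__ == "__main__":
    print(demo())
```

With exact-match realms, ADMIN on `ticket` alone does not allow attaching to tickets; whether a parent-realm ADMIN should imply sub-realm rights is a design decision to make explicitly rather than by accident.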
