On Tue, Jan 31, 2006 at 02:03:53AM +0000, Robin Bowes wrote: > Robin Bowes said the following on 01/26/2006 07:50 PM: > 1. Move users out of specific projects and administer them centrally, > i.e. use RBAC to assign users/groups to specific projects. > > 2. Associate usernames with trac logins so it is possible to set them up > centrally without requiring users to do it for each of their projects. > Currently, if I create a project and add a user to the project then > assign a ticket to that user, they will not get any email notifications > until they login to trac and set their email address.
As much as it sounds like a massive cliche, option 2 particularly (but also most of option 1) would be made fairly simple with with LDAP directory behind it. I'm not a huge fan of LDAP (and neither are too many other people), but it is kinda the Right Way here (since you can auth to LDAP independent of Trac, and pulling an e-mail address out for a user is pretty standard). That being said, a much easier solution, from an admin comprehensibility point-of-view, would just be to allow a separate auth_database config option, which would point to a database that only contained a 'user' table, full of users, passwords, and e-mail addresses. Simple to administer (although it would make the existing htpasswd-style stuff obsolete). On that point, perhaps if you wanted to make it even easier, you could allow Trac to check if a username looked like a real e-mail address and, if it did, to simply send e-mail there if no address is stored in the user's profile. That way, you just make your htpasswd usernames your full e-mail address, and the problem just kind-of magically goes away... On the RBAC front, I think it's best to tie usernames to permissions in each project DB. Much tidier. > 3. Make the reporting available centrally too, i.e. allow cross-project > reporting. This too would be controlled by RBAC. Oh yeah. A cross-project control panel would be a wonderful thing. It shouldn't be too hard, either -- effectively you're just going into each database, checking permissions for the logged-in user, then running the same report over the same database, and then collating the results for all databases at the end of it all. - Matt _______________________________________________ Trac mailing list [email protected] http://lists.edgewall.com/mailman/listinfo/trac
