bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joachim Dreimann <joachim.dreim...@wandisco.com>
Subject Re: First installation... my humble review
Date Wed, 13 Nov 2013 09:17:37 GMT
On 13 November 2013 08:44, Olivier Mauras <olivier@mauras.ch> wrote:

> On 2013-11-12 21:41, Olemis Lang wrote:
>
>> Unless I missed something or a regression has been introduced in /trunk
>> that's exactly the case . This is enforced by the multi-product
>> permission
>> policy [1]_
>>
>>  I join you a screenshot that shows that it's not.
> And to my understanding it is because of not returning the handler if "not
> req.perm.has_permission('TRAC_ADMIN')" in the product admin.
> By removing this check product panel admin becomes available to the owner
> _without_ giving access to other admin panels. At least that's what my
> tests are showing :)
>
>
>  Nevertheless there's a difference between Trac and product admin role .
>> The
>> former are site admins , i.e. they have access to the file system , sudo
>> etc ... whereas the later only manage product resources e.g. tickets ,
>> wiki
>> , ... If you could list all the instances we fail at doing so we'll be
>> looking forward to improve them asap
>>
>>  I see the repositories as a product ressource
>

Agreed, I think that's common in production environments.

- Joe


>
>  they can ...
>>
>>  Not really they can only link to a globally available repository...
> which beats the product isolation.
>
>
>  ... but yes , there is a reason and it's due to the Trac vs product admin
>> roles mentioned above . Trac repository connectors operate on repos cloned
>> in the local file systems (or equivalent ;) therefore adding a new one
>> happens outside the web site boundaries is more like a task of site admins
>>
>>  I don't think this matters much. Even if the product owner doesn't have
> access to filesystem this shouldn't prevent him to enter a path given to
> him by the "bloodhound server admin"
>
> Regards,
> Olivier
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message