View Issue Details

ID: 0005381
Project: mantisbt
Category: administration
View Status: public
Last Update: 2017-01-18 10:11
Reporter: vwegert
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: new
Resolution: open
Summary: 0005381: more flexible group/role/profile/permission management
Description

As we recently discussed in #mantishelp and as stated in several other bug notes, Mantis could use a more flexible approach to manage permissions than the current level-based management system.
This issue serves two main purposes:

  • group related issues through relations
  • provide room for more abstract discussions
Additional Information

The draft of the concept document has grown too large to be uploaded here, so I've uploaded it to my personal webspace at http://attic.volker-wegert.de/Mantis-PermissionManagement.pdf

Tags: No tags attached.

Relationships

parent of 0004296 acknowledged Permission groups: ability to adjust users' view permissions easily 
parent of 0003444 confirmed Add user groups to streamline user management 
parent of 0005273 closed grangeway permissions
parent of 0005155 closed vboctor Allow to create user with "smaller" permission than visitor
has duplicate 0003682 closed grangeway Unlimied self-defined groups and permissions
related to 0005940 acknowledged Web UI to customize access levels 
related to 0005108 new User Groups 
related to 0005430 closed vboctor Is there a way to make the Description to be Read-only once the issue is entered ?
related to 0015766 new Setting to allow Developers to change due date but not update an issue 
Not all the children of this issue are yet resolved or closed.

Activities

vwegert

2005-07-19 13:37

reporter   ~0010872

Perhaps http://phpgacl.sourceforge.net/ could be interesting - why reinvent the wheel all over again?

vwegert

2005-07-19 15:59

reporter   ~0010878

I've taken the time to walk through the code and create a call graph that shows who is using which access control function. The files are too big to be uploaded here, but can be downloaded from http://attic.volker-wegert.de/AccessChart.zip. This file includes three versions of the graph:

  • AccessChartAccess.png only contains the functions that handle permissions directly
  • AccessChartAll.png adds the functions that use the functions above from the files in the core/ directory.
  • AccessChartCore.png is for the people with big printers and includes every direct call to one of the functions from the first graph, including the pages inside the root directory.
vwegert

2005-07-19 16:32

reporter   ~0010881

From what I've found out about the access control functions, I'd suggest a two-step approach:

  1. add a layer of "semantic wrapper functions" like access_can_close_bug and replace calls to "low-level generic functions" like access_has_bug_level
  2. rethink the design behind these wrappers

Advantages: No need to change the rest of the code once the first step is completed; clearer view on what kinds of permissions we have to manage (project related actions, bug related actions, ...)

Any suggestions?
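
The two-step approach from the last note, as an added sketch that is neither MantisBT source nor part of the original note: a low-level level check and a semantic wrapper on top of it, so that call sites never name a threshold. Only the names access_has_bug_level and access_can_close_bug come from the note; the simplified signatures, access levels, sample data and the reporter-closes-own-bug rule are assumptions made for the example.

```php
<?php
// Added illustration, not MantisBT source. Levels, sample data and function
// bodies are constructed; only the two function names come from the note.
const REPORTER = 25;
const DEVELOPER = 55;

// Constructed sample data: per-project level of each user, and one bug.
$g_levels = ['alice' => [1 => DEVELOPER], 'bob' => [1 => REPORTER]];
$g_bugs = [101 => ['project' => 1, 'reporter' => 'bob', 'status' => 'resolved']];

// Low-level generic check: every caller has to know the right threshold.
function access_has_bug_level(int $p_level, int $p_bug_id, string $p_user): bool {
    global $g_levels, $g_bugs;
    $t_project = $g_bugs[$p_bug_id]['project'] ?? null;
    if ($t_project === null) {
        return false; // unknown bug: deny by default
    }
    // Users without an entry for the project get level 0 and are denied.
    return ($g_levels[$p_user][$t_project] ?? 0) >= $p_level;
}

// Step 1: semantic wrapper. Pages ask "may this user close this bug?";
// the rule is defined once and can be redesigned later (step 2).
function access_can_close_bug(int $p_bug_id, string $p_user): bool {
    global $g_bugs;
    $t_bug = $g_bugs[$p_bug_id] ?? null;
    if ($t_bug === null) {
        return false;
    }
    // Hypothetical rule that a single level comparison cannot express:
    // the reporter may close their own bug once it is resolved.
    if ($t_bug['reporter'] === $p_user && $t_bug['status'] === 'resolved') {
        return true;
    }
    return access_has_bug_level(DEVELOPER, $p_bug_id, $p_user);
}

// Call sites stay the same whatever the wrapper does internally.
$t_cases = [[101, 'alice'], [101, 'bob'], [101, 'mallory'], [999, 'alice']];
foreach ($t_cases as [$t_id, $t_user]) {
    $t_result = access_can_close_bug($t_id, $t_user) ? 'allow' : 'deny';
    printf("%s close #%d: %s\n", $t_user, $t_id, $t_result);
}
```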