Project Level Access Control
============================

Until release 2.12, pagure had a very simple user model: any user or group
added to a project became an admin of that project.
The user or group could do everything, from changing the status of an issue to adding
or removing any user on the project. The project ACL feature allows finer-grained
control over what a new user or group has access to, what it can add, and
what actions it can take.

With the project ACL feature, there are now three levels of access:

* Ticket: A user or a group with this level of access can only edit the metadata
  of an issue. This includes changing the status of an issue, adding or removing
  tags, adding or removing assignees, and every other option that is available
  when you click the "Edit Metadata" button on an issue page. However,
  this user cannot "create" a new tag or "delete" an existing tag, because
  that would require access to the settings page of the project, which this user
  does not have. It also cannot "delete" the issue, because that falls
  outside of "Edit Metadata".

* Commit: A user or a group with this level of access can do everything that
  a user or group with ticket access can do, plus everything else on the project
  that does not require access to the settings page. It can "Edit Metadata" of an issue
  just like a user with ticket access, merge a pull request, push
  to the main repository directly, delete an issue, cancel a pull request, etc.

* Admin: A user or group with this access has access to everything on the project.
  All the "users" of the project that have been added until now have this access.
  They can change the settings of the project and add or remove users and groups on the project.

Add/Update Access
-----------------

* Every time you add a new user or a new group to the project, you will be asked to
  provide the level of access you want to give to that user or group. It is a required
  field in the form.

* To add a user or a group to a project, go to the settings page of the project. There are
  buttons labelled *Add User* and *Add Group*. Clicking one takes you to a different page where
  you select the user or group (depending on whether you clicked Add User
  or Add Group) and the access you want the user or group to have.

* To update a user's or a group's access, go to the settings page of the project.
  There is a section which lists the users associated with the project, with a button to edit their
  access and a different button to remove them from the project. If you click the edit
  button, you will be taken to a different page where you can change the access and then
  click the Update button.

Points to be noted
------------------

* The creator of a project in pagure holds a special position compared to a normal user
  with admin access. The creator cannot be removed by an admin, and the creator's access level
  cannot be changed. An admin's access, however, can be updated by a fellow admin
  or by the creator.

* All the members of a group have the same access over the project, except for the case
  described in the next point.

* When a user is added to a project with access level "A", a group
  is also added to the same project with access level "B", and that user is also a member
  of the group, the user gets the higher of "A" and "B". That is,
  if the user had ticket access and the group had commit access, the user
  has the access of a committer. And if the user had commit access and
  the group had ticket access, the user is still a committer.
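
The "higher of A and B" rule from the last point, combined with the three levels described earlier, as an added Python example that is not pagure's own code. The `Access` enum, the action names in `REQUIRED`, the `PROJECT` layout and all user and group names are assumptions made for illustration, and the creator is modelled as having admin access.

```python
from enum import IntEnum

class Access(IntEnum):
    TICKET = 1
    COMMIT = 2
    ADMIN = 3

# Minimum level per action, read off the three level descriptions (names assumed).
REQUIRED = {
    "edit_issue_metadata": Access.TICKET,
    "delete_issue": Access.COMMIT,
    "merge_pull_request": Access.COMMIT,
    "create_tag": Access.ADMIN,          # needs the settings page
    "change_settings": Access.ADMIN,
    "add_or_remove_user": Access.ADMIN,
}

# Constructed sample project; every name here is made up.
PROJECT = {
    "creator": "alice",
    "users": {"bob": Access.TICKET, "carol": Access.COMMIT},
    "groups": {"packagers": Access.COMMIT, "triagers": Access.TICKET},
    "members": {"packagers": {"bob"}, "triagers": {"carol", "dave"}},
}

def effective_access(user, project):
    """Highest of the direct grant and every group grant; None if no access."""
    if user == project["creator"]:
        return Access.ADMIN  # assumption: the creator has at least admin access
    grants = [lvl for name, lvl in project["users"].items() if name == user]
    grants += [lvl for group, lvl in project["groups"].items()
               if user in project["members"].get(group, ())]
    return max(grants, default=None)

def can(user, action, project):
    level = effective_access(user, project)
    return level is not None and level >= REQUIRED[action]

def elevated_by_group(project):
    """Audit helper: users whose group membership exceeds their direct grant."""
    report = {}
    for user, direct in project["users"].items():
        effective = effective_access(user, project)
        if effective > direct:
            report[user] = (direct, effective)
    return report

if __name__ == "__main__":
    print(elevated_by_group(PROJECT))
```

`elevated_by_group` is the part worth running during an access review: it lists users whose direct grant understates what they can actually do because a group grant is higher.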