Blame doc/usage/project_acls.rst

Vivek Anand 6bbfba
Project Level Access Control
Vivek Anand 6bbfba
============================
Vivek Anand 6bbfba
Vivek Anand 6bbfba
Till release 2.12, pagure had a very simple user model. If we added a new
Vivek Anand 6bbfba
user or a new group to a project, the user/group would be an admin of the project.
Vivek Anand 6bbfba
The user/group  could do everything from changing the status of an issue to adding
Vivek Anand 6bbfba
or removing any user on the project. With project ACL feature, we allow a more fine
Vivek Anand 6bbfba
grained control over what a new user/group has access to, what things it can add or
Vivek Anand 6bbfba
what actions it can take.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
With Project ACL feature, We can now have three levels of access:
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* Ticket: A user or a group with this level of access can only edit metadata
Vivek Anand 6bbfba
  of an issue. This includes changing the status of an issue, adding/removing
Vivek Anand 6bbfba
  tags from them, adding/removing assignees and every other option which can
Vivek Anand 6bbfba
  be accessed when you click "Edit Metadata" button in an issue page. However,
Vivek Anand 6bbfba
  this user can not "create" a new tag or "delete" an existing tag because,
Vivek Anand 6bbfba
  that would involve access to settings page of the project which this user
Vivek Anand 6bbfba
  won't have. It also won't be able to "delete" the issue because, it falls
Vivek Anand 6bbfba
  outside of "Edit Metadata".
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* Commit: A user or a group with this level of access can do everything what
Vivek Anand 6bbfba
  a user/group with ticket access can do + it can do everything on the project
Vivek Anand 6bbfba
  which doesn't include access to settings page. It can "Edit Metadata" of an issue
Vivek Anand 6bbfba
  just like a user with ticket access would do, can merge a pull request, can push
Vivek Anand 6bbfba
  to the main repository directly, delete an issue, cancel a pull request etc.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* Admin: The user/group with this access has access to everything on the project.
Vivek Anand 6bbfba
  All the "users" of the project that have been added till now are having this access.
Vivek Anand 6bbfba
  They can change the settings of the project, add/remove users/groups on the project.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
Add/Update Access
Vivek Anand 6bbfba
=================
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* Everytime you add a new user or a new group to the project, you will be asked to
Vivek Anand 6bbfba
  provide the level of access you want to give to that user or group. It's a required
Vivek Anand 6bbfba
  field in the form.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* To add a user or a group to a project, go to settings page of the project. There are
Vivek Anand 6bbfba
  buttons with text: *Add User* and *Add Group*. It will take you to a different page where
Vivek Anand 6bbfba
  you will have to select the user or group (depending on whether you clicked Add User
Vivek Anand 6bbfba
  or Add Group) and the access you want the user/group to have.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* If you want to update a user or a group's access, the procedure remains same as adding
Vivek Anand 6bbfba
  a user/group. Go to settings page of the project, click on *Add User* or *Add Group*,
Vivek Anand 6bbfba
  select the new access level you want the user/group to give and submit.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
Points to be noted
Vivek Anand 6bbfba
==================
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* The creator of a project in pagure holds a more unique position than a normal user
Vivek Anand 6bbfba
  with admin access. The creator can not be removed by an admin. His access level
Vivek Anand 6bbfba
  can not be changed. But, an admin's access can be updated by a fellow admin
Vivek Anand 6bbfba
  or the creator himself.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* All the members of a group will have same access over the project except for the case
Vivek Anand 6bbfba
  mentioned in the next point.
Vivek Anand 6bbfba
Vivek Anand 6bbfba
* In cases when, a user is added to a project with an access level of "A" and a group
Vivek Anand 6bbfba
  is also added to the same project with access level "B" and that user is also present
Vivek Anand 6bbfba
  in the group then, the user will enjoy the access of higher of "A" and "B". Meaning,
Vivek Anand 6bbfba
  if the user earlier had access of ticket and the group had access of commit, the user
Vivek Anand 6bbfba
  will enjoy the access of a committer. And, if the user earlier had access of commit and
Vivek Anand 6bbfba
  the group had access of ticket, the user will still be a committer.