[Dune] More flyspray permission for contributors

Jö Fahlke jorrit at jorrit.de
Mon Jan 30 14:54:06 CET 2012


Am Sun, 29. Jan 2012, 22:10:34 +0100 schrieb Christoph Grüninger:
> Flyspray is cumbersome for people with a restricted permission
> level. I propose the make a new group contributors and give
> them the right to take the ownership of a task, close tasks
> that are not their own's, add votes and edit a task.
> 
> I am aware of the fact that we have not yet named contributors.
> Maybe this would be a reason to make up for this.

Hmm -- that prompted me to look at the flyspray permission system (again), and
I think this time I may have understood it.  We currently have three groups:

Admin: christi, joe, mblatt, sander, sven
   May do everything
Developers: Carsten, dan, dedner, gersbach, gruenich, nolte, peter, robertk
   Can do everything to a task. (Except "Edit own comments"?!?  But "Edit
   comments" is enabled, so that probably has no effect).
Basic: everyone else.

Below I'Ve listed the current permission.  If nobody disagrees, I'll change
the permissions of the group Basic as shown.

|                              | Developers | Basic | Basic (proposed) |
|------------------------------+------------+-------+------------------|
|              Project Manager | yes        | no    | no               |
|                   View tasks | yes        | yes   | yes              |
|               Open new tasks | yes        | yes   | yes              |
|             Modify own tasks | yes        | yes   | yes              |
|         Modify tasks that... |            |       |                  |
|         ..are not user's own | yes        | no    | no               |
|                View comments | yes        | yes   | yes              |
|                 Add comments | yes        | yes   | yes              |
|            Edit own comments | no         | no    | no               |
|                Edit comments | yes        | no    | no               |
|              Delete comments | yes        | no    | no               |
|           Create attachments | yes        | yes   | no               |
|           Delete attachments | yes        | no    | no               |
| [1]             View history | yes        | no    | yes              |
|              Close own tasks | yes        | yes   | yes              |
|          Close tasks that... |            |       |                  |
|        ...are not user's own | yes        | no    | yes              |
|      Assign tasks to self... |            |       |                  |
|   ...if not already assigned | yes        | no    | yes              |
| Assign others' tasks to self | yes        | no    | yes              |
| [1]    Add self to assignees | yes        | no    | yes              |
|               View event log | yes        | yes   | yes              |
|           Can Vote for tasks | yes        | no    | yes              |
| [1]         Edit assignments | yes        | no    | yes              |
| [1]        Show as assignees | no         | no    | yes              |
|            Members can login | yes        | yes   | yes              |

[1] Does anyone know what these do, exactly?

I think we can give everyone in group Basic the right to do anything
reversible -- in particular they should be able to close any task, and to
assign tasks.  If there is someone misbehaving I think we can resolve that
with a discussion, or in the worst case by removing his account, or by putting
it into a new group "Troublemakers".

As to the potentially non-reversible permissions:

 - "Can Vote for tasks": I don't see any harm in enabling.  I've never noticed
   that feature before, and it is probably useless for official votes since
   there is no group for the official core developers, and there is at least
   one admin who isn't core developer.  Besides, we did fine without it so
   far.  But I suppose it may be useful for polls.

 - "Show as assignees": Does anyone know what that does?

 - "Edit/Delete (own) comments": I don't consider that one useful -- if you
   made a mistake, you should clarify in a later comment.  It's no good for
   unpublishing anything that wasn't supposed to go public in the first place,
   since it will have to be removed from the mailing list archive too, and
   that requires an admin anyway.

 - "Delete attachments": Likewise, you should fix it up with another comment
   and another attachment.  But unlike "Delete comments", this one may be
   useful to remove information that shouldn't have gone public, since
   attachments aren't sent to the mailing list.  Still, since there isn't any
   "Delete _own_ attachements" I wouldn't enable it for group Basic.

 - "Project manager": what does this do?  Probably allows you to add releases,
   resolutions, categories etc.  Don't think it's necessary for group Basic.

 - "Modify own tasks": This is a tricky one.  On the one hand, it would be
   quite useful if you were able to fix up the category etc. if you made a
   mistake while opening a new task.  And categories aren't a lot of data, so
   the "only allow reversible things"-maxime doesn't really apply that
   strongly.  On the other hand, this allows modification of the original task
   description, which can result in data loss.  But then, this only gives
   permission to the user who opened the task, and any accidential
   modifications can be recovered from using the mailing list archive.

   @Elias: I kind of remember that you had problems changing the category of
           some tasks a while ago.  Were that tasks that you opened?  In that
           case I may be misunderstanding the meaning of "own task".

 - "Modify tasks that are not user's own": This would allow anyone to do bug
   triaging, but it would also enable anyone to edit a task's description.
   Since new users automatically end up in the Basic group, this would
   potentially allow spammers to destroy data (even though that would probably
   be recoverable from the mailing list archive).  So I would not allow this.

Bye,
Jö.

-- 
Jorrit (Jö) Fahlke, Interdisciplinary Center for Scientific Computing,
Heidelberg University, Im Neuenheimer Feld 368, D-69120 Heidelberg
Tel: +49 6221 54 8890 Fax: +49 6221 54 8884

If you receive something that says "Send this to everyone you know,"
pretend you don't know me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <https://lists.dune-project.org/pipermail/dune/attachments/20120130/681647e1/attachment.sig>


More information about the Dune mailing list