Closed scottgonzalez closed 10 years ago
This could be implemented with hierarchical permissions of COMPONENT:ACTION
. And action of ADMIN
would grant all permissions within the component. A special permission of DEBT:ADMIN
would grant all permissions.
The component/action pairs will be managed via code, since the code needs to know about them in order to check which actions can be performed. Granting permissions will happen through the app. On install a single user will be created and granted DEBT:ADMIN
.
Potential permissions:
Admin
Ticket
Permission
Group
Not sure if comments should have their own permissions or just inherit from tickets.
i think comment permissions should just inherit from ticket permissions.
for ticket permissions seems like all you need it ticket:admin, ticket:owner, and ticket:default. Default is create and comment. admin is everything of course, and owner is default plus editing tickets. similar to how github does it.
GitHub doesn't support deleting tickets, so that would still need to be a permission here.
ticket:owner wouldn't be a permission you grant, it'd be a permission that's automatically given on a per-ticket basis. But that's a good point that there should be inherent item-specific permissions granted to the user who creates the item. This only applies to the specific item created, not everything linked to that item. For example, the reporter of a ticket does not get edit over comments on the ticket (except for the comments which they wrote themselves).
for delete of course i just meant a similar model simplifying the permissions might be good. You are also of course right owner would not be something set explicitly it would be based on the ticket and would just added limited abilities ( to close or edit the ticket but not comments )
Probably user, group, world.