From: Tobias P. <pol...@gm...> - 2005-09-20 07:37:10
|
Hi Volker, I looked at your draft and I thank you for puting so much thoughts into improving mantis. But in my opinion the additional features are not worth the additional complexity of the permission management system. Probably you can not have both: A full featured bugtracking for giant applications with fine-grained permission requirements, and a ready-to-use, easy-to-configure, straight-forward-to-extend system for most of the cases. I would like to hear the opinion of the development crew is on that. Regards, Tobias -- GMX DSL = Maximale Leistung zum minimalen Preis! 2000 MB nur 2,99, Flatrate ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl -- GMX DSL = Maximale Leistung zum minimalen Preis! 2000 MB nur 2,99, Flatrate ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl |
From: Volker W. <ma...@vo...> - 2005-09-20 18:55:13
|
Hi! "Tobias Polzin" <pol...@gm...> writes: > I looked at your draft and I thank you for puting so much thoughts into > improving mantis. But in my opinion the additional features are not worth > the additional complexity of the permission management system. Well, the additional features are what I'd need to cover my requirements. I need more than six permission levels and - even more important than that - I need permissions that can be granted to a certain group of users exclusively, that is, without including all "superior levels". I need user groups to assign permissions instead of managing permissions for each user and project separately, and preferably the user-to-group assignments should be drawn out of some LDAP repository. BTW, I do not think that implementing these features would be that complex. I was tempted to start hacking mantis to my needs right away, but that's generally a bad idea. "Walking on water and developing software from a specification are easy if both are frozen." (Edward V. Berard) This is essentially why I'd like to get some set of features and requirements agreed upon and (more or less) frozen. I'd volunteer to code this part, but I don't have the time to re-engineer it over and over again. BTW, I'm also evaluating external libraries and existing code wherever I find it. The only library I have not (yet) had to remove from my list is phpGACL - and in this case, I'm not sure whether bending phpGACL into shape would be less effort than re-inventing this kind of wheel again... > Probably you can not have both: A full featured bugtracking for giant > applications with fine-grained permission requirements, and a ready-to-use, > easy-to-configure, straight-forward-to-extend system for most of the cases. Well, whether the system is ready-to-use depends on the pre-defined settings that come bundled inside the tarball - you can preset the "new" permission management system with sensible values about as easy as you could turn the current installation tarball into an unusable state by messing up the configuration defaults. Easy-to-configure - Please correct me if I'm wrong, but I don't think that hacking several PHP include files is easier than managing the permissions using a sensible (!) web UI. Straight-forward-to-extend - how do you extend the current system then? How do you setup new permission levels, and how do you insert new permission checks into the code? Is this straight-forward to extend? > I would like to hear the opinion of the development crew is on that. Same here! Please don't get me wrong - I like Mantis very much, and for most of the installations I'm maintaining, the current system is perfectly OK. But one installation is currently touching the boundaries of the current system, and another might-be installation is currently postponed and might never come into existence because the requirements can't be fulfilled with the current permission layout. I'm simply trying to scratch a spot that is itching... Best regards Volker -- * Volker Wegert * http://www.volker-wegert.de/contact * * Am Anfang war das Wort, und das Wort war "content-type=text/plain; * charset=iso-8859-1". * |
From: Russ T. <ru...@i2...> - 2005-09-22 16:12:21
|
On Tuesday 20 September 2005 1:51 pm, Volker Wegert wrote: > Hi! > > "Tobias Polzin" <pol...@gm...> writes: > > I looked at your draft and I thank you for puting so much thoughts into > > improving mantis. But in my opinion the additional features are not > > worth the additional complexity of the permission management system. In my experience this is generally not the case. Does anyone have particula= r=20 cases that are a concern? Maybe those could be addressed with some=20 discussion.=20 > Well, the additional features are what I'd need to cover my requirements. > I need more than six permission levels and - even more important than > that - I need permissions that can be granted to a certain group of users > exclusively, that is, without including all "superior levels". I need I need this as well. This is something that our Mantis using clients ask fo= r=20 as well. Sometimes we can work around those requirements but sometimes we=20 cannot. [snip] > Same here! Please don't get me wrong - I like Mantis very much, and for > most of the installations I'm maintaining, the current system is > perfectly OK. But one installation is currently touching the boundaries > of the current system, and another might-be installation is currently > postponed and might never come into existence because the requirements > can't be fulfilled with the current permission layout. I'm simply trying > to scratch a spot that is itching... > > Best regards > Volker I read a previous draft for the permission levels. I am impressed with the= =20 effort you have put forth. I hope this can move forward. One thing I don't like about Mantis permissions is how so many things are=20 tied directly to a role (viewer, reporter, updater, etc) or are implicity=20 defined by that role. It would be much more flexible to tie specific=20 permissions to those roles instead. It also makes it easy to create new=20 roles, which would resolve all requests for enhancements / changes I get=20 from clients. I also wish permissions could have one or more actions=20 associated with them. Something like bug_perm("view", "edit", "remind",=20 "delete", "add note") vs. bug_perm("view"). I find that simpler to deal=20 with than N combinations of bug_view_perm, bug_edit_perm, bug_delete_perm,= =20 etc. That may not be the best example, but hopefully you get the idea. =2D-=20 Russ Tennant ru...@i2... |
From: Cris D. <cr...@ds...> - 2005-09-22 16:15:50
|
I think the key is templating - you need to develop several default permissions templates for people to apply, then customize. Otherwise, everyone will hate you for all the clicking they have to do :) > -----Original Message----- > From: man...@li... > [mailto:man...@li...] On Behalf > Of Russ Tennant > Sent: Thursday, September 22, 2005 12:12 PM > To: man...@li... > Cc: Volker Wegert > Subject: Re: [Mantisbt-dev] Re: once again: updated concept > draft for #5381 (permission management) > > On Tuesday 20 September 2005 1:51 pm, Volker Wegert wrote: > > Hi! > > > > "Tobias Polzin" <pol...@gm...> writes: > > > I looked at your draft and I thank you for puting so much > thoughts > > > into improving mantis. But in my opinion the additional > features are > > > not worth the additional complexity of the permission > management system. > > In my experience this is generally not the case. Does anyone > have particular cases that are a concern? Maybe those could > be addressed with some discussion. > > > Well, the additional features are what I'd need to cover my > requirements. > > I need more than six permission levels and - even more > important than > > that - I need permissions that can be granted to a certain group of > > users exclusively, that is, without including all "superior > levels". I > > need > > I need this as well. This is something that our Mantis using > clients ask for as well. Sometimes we can work around those > requirements but sometimes we cannot. > > [snip] > > Same here! Please don't get me wrong - I like Mantis very much, and > > for most of the installations I'm maintaining, the current > system is > > perfectly OK. But one installation is currently touching the > > boundaries of the current system, and another might-be > installation is > > currently postponed and might never come into existence because the > > requirements can't be fulfilled with the current permission layout. > > I'm simply trying to scratch a spot that is itching... > > > > Best regards > > Volker > > I read a previous draft for the permission levels. I am > impressed with the effort you have put forth. I hope this can > move forward. > > One thing I don't like about Mantis permissions is how so > many things are tied directly to a role (viewer, reporter, > updater, etc) or are implicity defined by that role. It would > be much more flexible to tie specific permissions to those > roles instead. It also makes it easy to create new roles, > which would resolve all requests for enhancements / changes I > get from clients. I also wish permissions could have one or > more actions associated with them. Something like > bug_perm("view", "edit", "remind", "delete", "add note") vs. > bug_perm("view"). I find that simpler to deal with than N > combinations of bug_view_perm, bug_edit_perm, > bug_delete_perm, etc. That may not be the best example, but > hopefully you get the idea. > > > -- > Russ Tennant > ru...@i2... > |