User authentication
Robert E. Coyle
robertecoyle@hotmail.com
Wed, 28 Mar 2001 01:28:09 +0100
User authentication is the only part left before whups is usable
(albeit unfriendly for the administrator). These are the requirements
for a public ticket tracking system:
+ You can browse all public tickets without logging in. (Do we want
to provide for having certain tickets private? That could lead
to all sorts of requests, like "I want this ticket viewable, but
this comment and attachment viewable to only these users", etc.,
which will just make things far too complicated). It could be
done by ticket type or ticket module, but you would then need
to put users in access groups.
There needs to be an access level anyway, as in new users can
only add tickets in any 'unconfirmed' state, but certain users
will want to be able to add tickets directly into a 'new' state.
+ Anyone who has logged in can add themselves to the notification
list of any (public) ticket.
+ On a public tracking system, anyone with a valid email address
can register themselves as a user of the system.
+ To add a comment or attachment, you have to be logged in. This
is so you can't place a comment or ticket without leaving your
email address.
+ To set the owner, priority, or status, you have to be either the
current owner of the ticket or the QA person responsible for that
ticket type. This is a very coarse level of privilege affinity,
but it makes things much simpler. Maybe there could be an all-
powerful manager group that can do anything to any ticket.
Private systems are different only in that you can't do anything
without a login, and you can't add yourself to the system.
How much provision for this is in the current Horde authentication
system? I haven't had a chance to look into it properly yet.
Rob
--
Jones's Law:
The man who smiles when things go wrong has thought of someone
to blame it on.
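
The rules listed in the message above can be written as one deny-by-default permission check. This is an added example, not part of the original post and not whups or Horde code. The action names, the User and Ticket fields, and the "trusted" and "manager" flags are assumptions made for illustration; email validation at registration is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical labels for the operations named in the post.
BROWSE, REGISTER = "browse", "register"
SUBSCRIBE, COMMENT, ATTACH, ADD_TICKET = "subscribe", "comment", "attach", "add_ticket"
SET_OWNER, SET_PRIORITY, SET_STATUS = "set_owner", "set_priority", "set_status"

LOGIN_ACTIONS = {SUBSCRIBE, COMMENT, ATTACH, ADD_TICKET}   # any logged-in user
TRIAGE_ACTIONS = {SET_OWNER, SET_PRIORITY, SET_STATUS}     # owner or QA only


@dataclass(frozen=True)
class User:
    email: str
    trusted: bool = False   # assumed flag: may file tickets directly as 'new'
    manager: bool = False   # assumed flag: the optional all-powerful group


@dataclass(frozen=True)
class Ticket:
    owner: Optional[str]    # email of the current owner, if any
    qa: str                 # email of the QA person for this ticket type


def allowed(action, user=None, ticket=None, public_system=True):
    """Return True only when one of the listed rules grants the action."""
    if user is None:
        # Anonymous visitors may browse and self-register, and only on a
        # public system; a private system allows nothing without a login.
        return public_system and action in {BROWSE, REGISTER}
    if action == BROWSE or action in LOGIN_ACTIONS:
        return True
    if action in TRIAGE_ACTIONS and ticket is not None:
        return user.manager or user.email in {ticket.owner, ticket.qa}
    return False  # deny by default, including unknown actions


def initial_state(user):
    """State in which a ticket added by this user starts."""
    return "new" if user.trusted else "unconfirmed"
```

Keeping every decision in one function with a final "return False" means an action added later is refused until a rule is written for it.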