[whups] User authentication

Chuck Hagenbuch chuck@horde.org
Wed, 5 Sep 2001 17:15:14 -0400

Quoting "Robert E. Coyle" <robertecoyle@hotmail.com>:

>  + You can browse all public tickets without logging in. (Do we want
>    to provide for having certain tickets private?  That could lead
>    to all sorts of requests, like "I want this ticket viewable, but
>    this comment and attachment viewable to only these users" etc
>    which will just make things far too complicated).  It could be
>    done by ticket type or ticket module, but you would then need
>    to put users in access groups.

We can add acl-type stuff with the Groups::/Perms:: frameworks later.

>  + On a public tracking system, anyone with a valid email address
>    can register themselves as a user of the system.
>  + To add a comment or attachment, you have to be logged in.  This
>    is so you can't place a comment or ticket without leaving your
>    email address.
>  + To set the owner, priority, or status, you have to be either the
>    current owner of the ticket or the QA person responsible for that
>    ticket type.  This is a very coarse level of privilege affinity,
>    but it makes things much simpler.  Maybe there could be an all-
>    powerful manager group that can do anything to any ticket.
> Private systems are different only in that you can't do anything
> without a login, and you can't add yourself to the system.
> How much provision for this is in the current horde authentication
> system?  I haven't had a chance to look into it properly yet.

Finally getting around to looking at/working on this. I think that maybe the 
way to go is to sort of mimic the php bugs system:

- anyone can browse
- to report a bug, you need to be logged in, or to leave your email address, 
along with a password for editing that bug
- to edit a bug, you need to be logged in (Horde auth), to have added it, or
(different from the php system) to add your email address and a password to it
- people logged in to Horde would get the admin-type stuff, possibly restricted 
to a subset through Groups::/Perms:: stuff.

So each bug would sort of carry around its own ACL of emails+passwords for 
public users, but Horde users wouldn't need to go through any of that.



Charles Hagenbuch, <chuck@horde.org>
Some fallen angels have their good reasons.
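
Added example, not part of the original message and not Horde or whups code: a PHP sketch of the access model proposed above, in which each ticket carries its own list of email+password pairs for public users while Horde-authenticated users bypass it. The class, its method names, and the `$adminUsers` allow-list (standing in for a Groups::/Perms:: check) are assumptions; all addresses and passwords are constructed.

```php
<?php
// Hypothetical sketch; names are illustrative, not Horde or whups APIs.
final class Ticket
{
    /** @var array<string,string> lower-cased email => password hash */
    private array $acl = [];

    // Reporting as a public user: leave an email plus a password for later edits.
    public function __construct(string $reporterEmail, string $password)
    {
        $this->addPublicEditor($reporterEmail, $password);
    }

    // A public user gains edit rights by adding an email and password to this ticket.
    public function addPublicEditor(string $email, string $password): void
    {
        $key = strtolower($email);
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || $password === '') {
            throw new InvalidArgumentException('valid email and non-empty password required');
        }
        if (isset($this->acl[$key])) {
            // Refuse to overwrite: otherwise anyone could replace another editor's password.
            throw new RuntimeException('email already on this ticket');
        }
        // Store a salted hash only, never the password itself.
        $this->acl[$key] = password_hash($password, PASSWORD_DEFAULT);
    }

    public function canEdit(?string $hordeUser, ?string $email = null, ?string $password = null): bool
    {
        if ($hordeUser !== null) {
            return true; // Horde-authenticated users skip the per-ticket ACL
        }
        if ($email === null || $password === null) {
            return false; // anonymous visitors may browse, not edit
        }
        $hash = $this->acl[strtolower($email)] ?? null;
        return $hash !== null && password_verify($password, $hash);
    }

    // Admin-type actions are for Horde users only, optionally a restricted subset.
    public static function canAdmin(?string $hordeUser, array $adminUsers): bool
    {
        return $hordeUser !== null && in_array($hordeUser, $adminUsers, true);
    }
}

$t = new Ticket('reporter@example.com', 'constructed-pw-1');
$t->addPublicEditor('helper@example.com', 'constructed-pw-2');
var_dump($t->canEdit(null, 'Reporter@example.com', 'constructed-pw-1')); // reporter, own password
var_dump($t->canEdit(null, 'helper@example.com', 'constructed-pw-1'));   // helper, someone else's password
var_dump($t->canEdit('chuck'), Ticket::canAdmin(null, ['chuck']));       // Horde user edit; anonymous admin
```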