[whups] User authentication
Wed, 5 Sep 2001 17:15:14 -0400
Quoting "Robert E. Coyle" <email@example.com>:
> + You can browse all public tickets without logging in. (Do we want
> to provide for having certain tickets private? That could lead
> to all sorts of requests, like "I want this ticket viewable, but
> this comment and attachment viewable to only these users" etc
> which will just make things far too complicated). It could be
> done by ticket type or ticket module, but you would then need
> to put users in access groups.
We can add acl-type stuff with the Groups::/Perms:: frameworks later.
> + On a public tracking system, anyone with a valid email address
> can register themselves as a user of the system.
> + To add a comment or attachment, you have to be logged in. This
> is so you can't place a comment or ticket without leaving your
> email address.
> + To set the owner, priority, or status, you have to be either the
> current owner of the ticket or the QA person responsible for that
> ticket type. This is a very coarse level of privilege affinity,
> but it makes things much simpler. Maybe there could be an all-
> powerful manager group that can do anything to any ticket.
> Private systems are different only in that you can't do anything
> without a login, and you can't add yourself to the system.
> How much provision for this is in the current horde authentication
> system? I haven't had a chance to look into it properly yet.
Finally getting around to looking at/working on this. I think that maybe the
way to go is to sort of mimic the php bugs system:
- anyone can browse
- to report a bug, you need to be logged in, or to leave your email address,
along with a password for editing that bug
- to edit to a bug, you need to be logged in (Horde auth), to have added it, or
(different from the php system) to add your email address and a password to it
- people logged in to Horde would get the admin-type stuff, possibly restricted
to a subset through Groups::/Perms:: stuff.
So each bug would sort of carry around its own ACL of emails+passwords for
public users, but Horde users wouldn't need to go through any of that.
Charles Hagenbuch, <firstname.lastname@example.org>
Some fallen angels have their good reasons.