Home Explore Help
Sign In
RISCI_ATOM
/
pagure
mirror of https://pagure.io/pagure.git
1
0
Fork 0
Files Issues 3 Wiki
Tree: 5405a22371
Branches Tags
pagure
/
doc
/
usage
/
project_acls.rst

project_acls.rst 3.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. Project Level Access Control
    2. 

  2. ============================
    3. 

  3. 

  4. Till release 2.12, pagure had a very simple user model. If we added a new
    5. 

  5. user or a new group to a project, the user/group would be an admin of the project.
    6. 

  6. The user/group  could do everything from changing the status of an issue to adding
    7. 

  7. or removing any user on the project. With project ACL feature, we allow a more fine
    8. 

  8. grained control over what a new user/group has access to, what things it can add or
    9. 

  9. what actions it can take.
    10. 

  10. 

  11. With Project ACL feature, We can now have three levels of access:
    12. 

  12. 

  13. * Ticket: A user or a group with this level of access can only edit metadata
    14. 

  14.   of an issue. This includes changing the status of an issue, adding/removing
    15. 

  15.   tags from them, adding/removing assignees and every other option which can
    16. 

  16.   be accessed when you click "Edit Metadata" button in an issue page. However,
    17. 

  17.   this user can not "create" a new tag or "delete" an existing tag because,
    18. 

  18.   that would involve access to settings page of the project which this user
    19. 

  19.   won't have. It also won't be able to "delete" the issue because, it falls
    20. 

  20.   outside of "Edit Metadata".
    21. 

  21. 

  22. * Commit: A user or a group with this level of access can do everything what
    23. 

  23.   a user/group with ticket access can do + it can do everything on the project
    24. 

  24.   which doesn't include access to settings page. It can "Edit Metadata" of an issue
    25. 

  25.   just like a user with ticket access would do, can merge a pull request, can push
    26. 

  26.   to the main repository directly, delete an issue, cancel a pull request etc.
    27. 

  27. 

  28. * Admin: The user/group with this access has access to everything on the project.
    29. 

  29.   All the "users" of the project that have been added till now are having this access.
    30. 

  30.   They can change the settings of the project, add/remove users/groups on the project.
    31. 

  31. 

  32. Add/Update Access
    33. 

  33. -----------------
    34. 

  34. 

  35. * Every time you add a new user or a new group to the project, you will be asked to
    36. 

  36.   provide the level of access you want to give to that user or group. It's a required
    37. 

  37.   field in the form.
    38. 

  38. 

  39. * To add a user or a group to a project, go to settings page of the project. There are
    40. 

  40.   buttons with text: *Add User* and *Add Group*. It will take you to a different page where
    41. 

  41.   you will have to select the user or group (depending on whether you clicked Add User
    42. 

  42.   or Add Group) and the access you want the user/group to have.
    43. 

  43. 

  44. * If you want to update a user or a group's access, go to settings page of the project.
    45. 

  45.   There is a section which lists users associated with the project with the buttons to edit their
    46. 

  46.   access and a different button to remove them from the project. If you click the edit
    47. 

  47.   button, you will be taken to a different page where you can change the access and then
    48. 

  48.   click on Update button.
    49. 

  49. 

  50. Points to be noted
    51. 

  51. ------------------
    52. 

  52. 

  53. * The creator of a project in pagure holds a more unique position than a normal user
    54. 

  54.   with admin access. The creator can not be removed by an admin. His access level
    55. 

  55.   can not be changed. But, an admin's access can be updated by a fellow admin
    56. 

  56.   or the creator himself.
    57. 

  57. 

  58. * All the members of a group will have same access over the project except for the case
    59. 

  59.   mentioned in the next point.
    60. 

  60. 

  61. * In cases when, a user is added to a project with an access level of "A" and a group
    62. 

  62.   is also added to the same project with access level "B" and that user is also present
    63. 

  63.   in the group then, the user will enjoy the access of higher of "A" and "B". Meaning,
    64. 

  64.   if the user earlier had access of ticket and the group had access of commit, the user
    65. 

  65.   will enjoy the access of a committer. And, if the user earlier had access of commit and
    66. 

  66.   the group had access of ticket, the user will still be a committer.
    67.