Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      story #8141 set mediawiki access permissions
    Actions
    Summary
    project admin
    set mediawiki access permissions
    I can control global access to mediawiki read and write

    How it works ?

    As a project admin, I can select the user_groups that can:

    • Access pages in READ
    • Access pages in WRITE

    This is done globally for the given Mediawiki

    The UI for permissions manipulations is done at the same place that current permissions management of MW (bureaucrat, syspo & co).

    Technically speaking:

    • the READ (access to the service) is managed at Mediawiki level (LocalSettings)
    • the WRITE is manage at Mediawiki level (LocalSettings)
    • As it's a new permission, it should act like git new permission model (with Authenticated users)
    • The permissions must be stored in a dedicated, per plugin, table (no longer gobal permissions table)

    What can go wrong (during dev) ?

    • READ cannot be managed in LocalSettings and should be done at Tuleap level

    What we'd like to do (dev) ?

    • Dedicated object to manage permissions
    • Logging/debug of how permissions are handled
    Empty
    vincent.colin-de-verdiere@st.com
    Status
    Empty
    Done
    Development
    • [ ] Does it involves User Interface? 
    • [ ] Are there any mockups?
    • [ ] Are permissions checked?
    • [ ] Does it need Javascript development?
    • [ ] Does it need a forge upgrade bucket?
    • [ ] Does it need to execute things in system events?
    • [ ] Does it impact project creation (templates)?
    • [ ] Is it exploratory?
    Empty
    Details
    #8141
    Manuel Vacelet (vaceletm)
    2015-07-16 13:21
    2015-06-11 15:52
    8165

    References
    Artifact links
    Empty
    Referencing story #8141

    Artifact Tracker v5

    rel #8180 8.4

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/47/4147/10' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 66c669df2f
    User avatar Yannis ROSSETTO (rossettoy) , 2015-07-03 08:37
    story #8141 - be able to set and take READ/WRITE permissions into account 76d1123b78
    User avatar Joris MASSON (jmasson) , 2015-07-02 15:44
    Merge commit 'refs/changes/70/4170/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 73e5f4fa18
    User avatar Yannis ROSSETTO (rossettoy) , 2015-07-03 12:04
    story #8141 - Fix bug on project inheritance d1ee82ab25
    User avatar Martin GOYOT (goyotm) , 2015-07-03 08:34
    Merge commit 'refs/changes/77/4177/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD e495562810
    User avatar Yannis ROSSETTO (rossettoy) , 2015-07-03 18:14
    story #8141 - Mediawiki rights are inherited 9f662729b9
    User avatar Martin GOYOT (goyotm) , 2015-07-03 17:48
    Merge commit 'refs/changes/72/4172/8' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD f8aeba0d12
    User avatar Yannis ROSSETTO (rossettoy) , 2015-07-08 10:38
    story #8141: change the labelling of projects from public/ project to user-group-based 38f7cfca7f
    User avatar dylan bowden (dylan) , 2015-07-07 18:00
    Merge commit 'refs/changes/12/4212/2' of ssh://gerrit.tuleap.net:29418/tuleap into stable 82b3ab9fbc
    User avatar Nicolas Terray (nterray) , 2015-07-13 14:06
    Revert "story #8141: change the labelling of projects from public/ project to user-group-based" c1057fbe89
    User avatar Yannis ROSSETTO (rossettoy) , 2015-07-13 09:34
    Display settings

    Follow-ups

    User avatar
    Manuel Vacelet (vaceletm)2015-06-18 17:00
    Hi Vincent & all,

    LDAP based user groups will be supported. Once groups are created in Tuleap (be local groups or import of LDAP groups) they are the same.

    -- next story will be AUODP (Artifact Update Over Denis Pilat) ;)
    User avatar
    Denis PILAT (denis_pilat)2015-06-18 16:52
    Here it is:
    Hello Guys,
    Here is my feedback ;-)
    Overall the feature seems correct to me.
    I just checked that the admin UI used to specify bureaucrat, syspo & co fits our needs (possibility to assign accesses for each group independently easily).
    Just one minor question : some groups may be binded to ldap mailing-list, is it an issue ?
    Cheers
    Vincent
    User avatar
    Denis PILAT (denis_pilat)2015-06-18 16:20
    That's fine. I'"m waiting for VCDV feedback, but I think what you proposed includes all he needs
    User avatar
    Manuel Vacelet (vaceletm)2015-06-18 16:11

    When you said "user_groups", does it include "registered users", "project members" ?

    Yes, the objective is to have the same behaviour that what we did for git (with the management of combinatory between platform setup, project visibilty and mediawiki perm) https://tuleap-documentation.readthedocs.org/en/latest/user-guide/site-access.html#resource-configuration

    User avatar
    Denis PILAT (denis_pilat)2015-06-18 15:33
    Manuel
    We are about to prioritize this item.
    When you said "user_groups", does it include "registered users", "project members" ?
    User avatar
    Manuel Vacelet (vaceletm)2015-06-18 09:59
    • Acceptance criteria
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Manuel Vacelet (vaceletm)2015-06-18 09:54
    • Acceptance criteria
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Manuel Vacelet (vaceletm)2015-06-11 15:54

    There are some open questions to be solved before estimation:

    • How does this map with current mediawiki permission model
    • What is the impact of current perms (bureaucrate, sysop, bot, etc), esp. does one of those perm have less "rights" than "write" for instance.