•  
      story #9281 define FRS global permissions
    Summary
    project admin
    define FRS global permissions

    I can better control who access my releases and have a consistent interface to manage the people who can write

    • Replace the current global FRS permission (Admin/None in "User permissions" matrix) by a service based definition of Read and Write (based on groups instead of users).
      • For WRITE (admins), during conversion a user group will be automatically created (probably re-use already placeholder file_manager_admins) for all existing projects to group all users that were "FRS admin".
      • For READ (consumers), during the conversion, we should take into account platform & project visibility. For instance in a public project all registererd users can access the FRS but in a private project it's only project_members. For "public incl. restricted", it's authenticated users by default.
    • In FRS admin, there is a new section to define permissions for Read & Write (as for mediawiki)
      • By default, Read is granted to project_members
      • Write is granted to
        • "frs_administrators" for existing projects
        • for new projects, the group defined in the template project (if any, otherwise project_admins)

    Special notes

    • A special attention should be taken to not break all the elements that rely on FRS
      • Soap & CLI
      • REST
      • Webdav
    • If relevant/possible during development, a dedicated table to store permissions should be used to avoid clutter the existing permissions table.
    Juliana Leclaire (juliana), Marie Ange Garnier (marieange)
    Status
    Empty
    Done
    Development
    • [ ] Does it involves User Interface? 
    • [ ] Are there any mockups?
    • [ ] Are permissions checked?
    • [ ] Does it need Javascript development?
    • [ ] Does it need a forge upgrade bucket?
    • [ ] Does it need to execute things in system events?
    • [ ] Does it impact project creation (templates)?
    • [ ] Is it exploratory?
    Empty
    Details
    #9281
    Manuel Vacelet (vaceletm)
    2016-08-22 10:55
    2016-06-24 10:33
    4515

    References
    Referencing story #9281

    Git commit

    tuleap/tuleap/stable

    Do not add members to already existing FRS_Admin ugroups 96f18a62af
    Warn admin that user perms matrix has changed 88617e79da
    Create new section in FRS Admin bb398e9ea1
    Read perm + forgeupgrade (site and project perm) + Update site and project at FRS level 03c64afbc6
    Migrate old global FRS permissions 113c38452c
    UI FRS to select who is Admin f3562eb04f
    UI For Read permission dc3766cd60
    Update administration privilege ffd5954677
    Enhance inline help in FRS administration Access control 1d68bf0c16
    Redirect to edit-permissions once an update is done 4171075ef8
    Highlight FRS Service entry in sidebar b55c815535
    Do not display Administration in title when we are not in admin 799d5d210a
    Remove old call to old FRS permission and replace it with new permissions e930abd916
    Refactoring : Read and Write lists will be in includable mustache 8d0dc0bcaa
    Refactoring of package and release 45cd35894f

    Follow-ups