Security
Joel Peshkin
bugreport at peshkin.net
Mon May 12 22:13:27 UTC 2003
Casey Gregoire wrote:
> Is it possible to have access rights to only edit certain products? At
> my office we have about 10 projects, but we want managers on say two
> products to add components to them, but not any other products. Or am
> I correct in thinking that if you can edit products you can edit ALL
> of them? Is this something you can control on 2.17.4? (I am on 2.17.4)
> I know you can be able to only set certain bits for groups on certain
> users, but can you restrict the right to change products, versions
> and milestones on a certain product to only particular people?
>
In 2.17.4, you can define an arbitrarily large number of groups and use
them for roles if you don't mind hacking a bit.
To do this, you would have to create groups like....
"role_editproduct_foo" for product "foo" and "role_editproduct_bar" for
product "bar"
Then, you alter the editproducts.cgi and editcomponents.cgi to add
checks where you call UserInGroup() to check to see if the user is in a
group called "role_editproduct_$productname" and throw an error if they
are not permitted.
-Joel
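
The per-product check described in the reply above, as an added sketch that is not part of the original message and not Bugzilla's own code. `UserInGroup()` is a stand-in driven by constructed sample data, and `RoleGroupFor`, `CanEditProduct` and `RequireProductRole` are hypothetical helper names. It assumes role-managed product names use only letters, digits, `_`, `.` and `-`, and denies anything else.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: login => groups held. Not real accounts.
my %groups_of = (
    'alice@example.com' => { role_editproduct_foo => 1 },
    'bob@example.com'   => { role_editproduct_bar => 1 },
    'carol@example.com' => {},
);
our $current_login = 'alice@example.com';

# Stand-in for Bugzilla's UserInGroup(), which checks the logged-in user.
# Only this lookup is simulated; the checks below are the part to port.
sub UserInGroup {
    my ($group) = @_;
    return $groups_of{$current_login}{$group} ? 1 : 0;
}

# Hypothetical helper: map a product name to its role group name.
# Assumption: role-managed products use only these characters. Anything
# else returns undef so the caller denies instead of guessing a group.
sub RoleGroupFor {
    my ($product) = @_;
    return undef unless defined $product && $product =~ /\A[A-Za-z0-9_.-]+\z/;
    return "role_editproduct_$product";
}

# Hypothetical helper: true only if the current user holds the role.
sub CanEditProduct {
    my ($product) = @_;
    my $group = RoleGroupFor($product);
    return 0 unless defined $group;
    return UserInGroup($group);
}

# Hypothetical guard to call before any add/edit/delete action.
sub RequireProductRole {
    my ($product) = @_;
    die "Not permitted to edit this product\n" unless CanEditProduct($product);
    return 1;
}

# Demonstration over the constructed users and product names.
for my $login (sort keys %groups_of) {
    local $current_login = $login;
    for my $product ('foo', 'bar', 'foo bar') {
        my $ok = eval { RequireProductRole($product) } ? 'allowed' : 'denied';
        print "$login -> '$product': $ok\n";
    }
}
```

The guard has to run on every code path that changes a product or its components, not only on the page that lists them, and a product whose role group was never created is denied by default.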