group_control_map.canconfirm and friends
Nick Barnes
Nick.Barnes at pobox.com
Mon May 14 00:22:48 UTC 2007
At 2007-05-14 00:12:06+0000, Nick Barnes writes:
> Now, this indicates to me that (say) editcomponents privileges for a
> given product are given to everyone who is in *any* group with a
> suitable row in group_control_map, as opposed only to those people who
> are in *all* such groups. It's a union permission, in contrast to the
> intersection permissions which most of the groups system uses.
In particular, I'm confused about the difference between the 'canedit'
and 'editbugs' columns of group_control_map. Why are both of these
columns needed? Where does each one get tested in the code when
editing a bug? And what are the semantics if either (or both) of them
are set for multiple groups?
Suppose I have a product with four rows in group_control_map for
groups G1-G4.
canedit editbugs
G1 1 1
G2 1 0
G3 0 1
G4 0 0
What group memberships would a user require to make an edit to a bug
in this product? It seems to me that she would need *both* G1 and G2
(because *all* 'canedit' groups are required). And then she wouldn't
need G3 (because already having G1 she passes the *any* test for
'editbugs').
I'm going to bed now; it might all be clearer in the morning.
Nick B
More information about the developers
mailing list