group_control_map.canconfirm and friends

Nick Barnes Nick.Barnes at
Mon May 14 00:22:48 UTC 2007

At 2007-05-14 00:12:06+0000, Nick Barnes writes:
> Now, this indicates to me that (say) editcomponents privileges for a
> given product are given to everyone who is in *any* group with a
> suitable row in group_control_map, as opposed only to those people who
> are in *all* such groups.  It's a union permission, in contrast to the
> intersection permissions which most of the groups system uses.

In particular, I'm confused about the difference between the 'canedit'
and 'editbugs' columns of group_control_map.  Why are both of these
columns needed?  Where does each one get tested in the code when
editing a bug?  And what are the semantics if either (or both) of them
are set for multiple groups?

Suppose I have a product with four rows in group_control_map for
groups G1-G4.

        canedit editbugs
G1      1       1
G2      1       0
G3      0       1
G4      0       0

What group memberships would a user require to make an edit to a bug
in this product?  It seems to me that she would need *both* G1 and G2
(because *all* 'canedit' groups are required).  And then she wouldn't
need G3 (because already having G1 she passes the *any* test for

I'm going to bed now; it might all be clearer in the morning.

Nick B

More information about the developers mailing list