| | 1 | = User access model = |
| | 2 | |
| | 3 | There are two kinds of users, those who have logged onto the project as a named user |
| | 4 | and those who have not. While not logged on the user is an anonymous user. |
| | 5 | |
| | 6 | You also need to know that there are two components to a project - a trac envrionment |
| | 7 | (wiki and ticketing system) and an svn repository. The two have distinct access |
| | 8 | control mechanisms, which we try to keep in sync with each other. |
| | 9 | |
| | 10 | There are three kinds of access levels that a user account (or the anonymous user) |
| | 11 | may have: |
| | 12 | |
| | 13 | 1. User access. This is a different name for read access, but "read access" does not |
| | 14 | quite hit the spot as this includes the permission to create and comment on tickets. |
| | 15 | This includes read access to the svn repository. |
| | 16 | 1. Developer access. This is a different name for read/write access. The permissions |
| | 17 | are a superset of user access. This includes read/write access to the svn repository. |
| | 18 | 1. Admin access, or TRAC_ADMIN permission. This gives full access to the trac environment, |
| | 19 | but no access at all to the svn repository (other than browsing it through the wiki). |
| | 20 | |
| | 21 | To make these access levels real, the permission groups "user" and "developer" have been |
| | 22 | defined. There is also an hourly job on the system that translates this information into |
| | 23 | svn repository access permissions. This is done in case that an admin has changed access |
| | 24 | to the trac environment. There is no permission group "admin", as this has no effect on |
| | 25 | the svn repository and can be handled by the trac permission TRAC_ADMIN. |
| | 26 | |
| | 27 | Admins and developers have an "Admin" button in the wiki. When they use it an admin |
| | 28 | can select General : Permissions to configure which users have which level of access: |
| | 29 | |
| | 30 | 1. To grant anonymous read access (user access) use the bottom right panel with subject |
| | 31 | "anonymous" and group "user". |
| | 32 | 1. To grant read access (user access) to a named user use the bottom right panel with |
| | 33 | the user name as subject and with group "user". |
| | 34 | 1. To grant read/write access (developer access) to a named user use the bottom right |
| | 35 | panel with the user name as subject and with group "developer". |
| | 36 | A user is never given both user and developer access explicitly, developer access |
| | 37 | includes user access anyway. If you promote someone from user access to developer |
| | 38 | access, you should remove the explicit user access for that user. |
| | 39 | 1. To grant admin access to a names user use the top right panel with the user name |
| | 40 | as subject and with action "TRAC_ADMIN". |
| | 41 | |
| | 42 | '''Warning:''' Although admin access includes developer and user access to the wiki and |
| | 43 | ticketing system, it does not include any access to the repository through and svn client. |
| | 44 | In general an admin is also explicitly a user or a developer. |
