The changes I have made to SDM basically deal with the way permissions are done. I don't understand everything behind the system but this is what I thought:
- Teams are created (e.g. teamA, teamB)
- Users are assigned to Teams
- Packages are assigned to Teams (e.g. cms -> teamA, templating -> teamB)
- Project admin assigns members to roles (e.g. John (teamA) -> internal)
- Project admin assigns actions to roles (e.g. internal members can view project, edit project and fix issue; external can view project only)
Therefore:
- Members of the team that owns the package (granted that they have "view_project" permission) should be allowed to view the project _even_ if the project is not public.
- By having packages assigned to teams we won't have to create a team for every new package.
- This will give us better granularity on the permissions and more flexibility.
To accomplish this, I created one table:
    -- Maps each package to the team(s) (user groups) that own it.
    CREATE TABLE sdm_package_user_group_map (
        package_id  integer
                    constraint sdm_pac_ug_map_package_id_fk
                    references packages(package_id),
        group_id    integer
                    constraint sdm_pac_ug_map_group_id_fk
                    references user_groups(group_id)
    );
and did a modification to user_can_see_package(user_id,package_id), plus modified the pages in the authentication part (for example, in the index.tcl, users will see packages that are public AND those that belong to the group that he/she belongs to).
Comments??? Please.
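
The visibility rule described in the post, as an added example that is not part of the original post or SDM's own code: a default-deny check run against an in-memory SQLite database. Only `sdm_package_user_group_map`, the `packages`/`user_groups` keys and the name `user_can_see_package` come from the post; the other tables, columns, rows and the function body are assumptions, including the reading that a role alone (without membership in an owning team) does not grant access to a private package.

```python
import sqlite3

# Only sdm_package_user_group_map and the packages/user_groups keys come from
# the post; every other table, column and row here is an assumption.
SCHEMA = """
CREATE TABLE packages (package_id INTEGER PRIMARY KEY, is_public INTEGER NOT NULL);
CREATE TABLE user_groups (group_id INTEGER PRIMARY KEY);
CREATE TABLE group_members (group_id INTEGER, user_id INTEGER);
CREATE TABLE member_roles (package_id INTEGER, user_id INTEGER, role TEXT);
CREATE TABLE role_actions (package_id INTEGER, role TEXT, action TEXT);
CREATE TABLE sdm_package_user_group_map (
    package_id INTEGER REFERENCES packages(package_id),
    group_id   INTEGER REFERENCES user_groups(group_id));
-- Constructed data: 1=cms (private, teamA=10), 2=templating (private, teamB=20), 3=public
INSERT INTO packages VALUES (1, 0), (2, 0), (3, 1);
INSERT INTO user_groups VALUES (10), (20);
INSERT INTO sdm_package_user_group_map VALUES (1, 10), (2, 20);
-- users: 1=John (teamA), 2=Mary (teamA, no role), 3=Bob (teamB)
INSERT INTO group_members VALUES (10, 1), (10, 2), (20, 3);
INSERT INTO member_roles VALUES (1, 1, 'internal'), (1, 3, 'internal');
INSERT INTO role_actions VALUES (1, 'internal', 'view_project'),
                                (1, 'internal', 'edit_project');
"""

# Visible when the package is public, or when the user is in a team that owns
# the package AND holds a role granting view_project on it. Anything else,
# including an unknown package or an anonymous (NULL) user, is denied.
VISIBLE_SQL = """
SELECT EXISTS (
  SELECT 1 FROM packages p
  WHERE p.package_id = :pkg AND (
    p.is_public = 1
    OR (EXISTS (SELECT 1 FROM sdm_package_user_group_map m
                JOIN group_members gm ON gm.group_id = m.group_id
                WHERE m.package_id = p.package_id AND gm.user_id = :uid)
        AND EXISTS (SELECT 1 FROM member_roles mr
                    JOIN role_actions ra ON ra.package_id = mr.package_id
                                        AND ra.role = mr.role
                    WHERE mr.package_id = p.package_id AND mr.user_id = :uid
                      AND ra.action = 'view_project'))))
"""

def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def user_can_see_package(conn, user_id, package_id):
    row = conn.execute(VISIBLE_SQL, {"pkg": package_id, "uid": user_id}).fetchone()
    return bool(row[0])
```

Binding `user_id` and `package_id` as named parameters keeps the check safe when it is called from page code with request-supplied ids.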