annotate doc/security.txt @ 726:e3d742c75ac3

Well whadya know, bsddb3 works again. The backend is implemented _exactly_ the same as bsddb - so there's no using its transaction or locking support. It'd be nice to use those some day I suppose.
author Richard Jones <richard@users.sourceforge.net>
date Tue, 21 May 2002 05:52:11 +0000
parents 2a563dbacd65
children d341cd0e7689
rev 725: 2a563dbacd65 Initial doc holding collated thoughts on roundup security. Richard Jones <richard@users.sourceforge.net>

===================
Security Mechanisms
===================

:Version: $Revision: 1.1 $

Current situation
=================

Current logical controls:

ANONYMOUS_ACCESS = 'deny'
 Deny or allow anonymous access to the web interface
ANONYMOUS_REGISTER = 'deny'
 Deny or allow anonymous users to register through the web interface
ANONYMOUS_REGISTER_MAIL = 'deny'
 Deny or allow anonymous users to register through the mail interface

The web interface implements another level of user-interface security,
preventing non-admin users from accessing:

- other users' details pages
- listing the base classes (not issues or their user page)
- editing base classes

Issues
======

1. The current implementation is ad-hoc, and not complete for all `use cases`_.
2. Currently it is not possible to allow submission of issues through email
   but restrict those users from accessing the web interface.
3. Only one user may perform admin functions.
4. There is no verification of users in the mail gateway by any means other
   than the From address. Support for strong signatures should be added.

Possible approaches
===================

Security controls in Roundup could be approached in three ways:

1) at the hyperdb level, with read/write/modify permissions on classes, nodes
   and node properties for all or specific transitions.
2) at the user interface level, with access permissions on CGI interface
   methods, mailgw methods, roundup-admin methods, and so on.
3) at a logical permission level, checked as needed.

In all cases, the security built into roundup assumes restricted access to the
hyperdatabase itself, through Operating System controls such as user or group
permissions.

Hyperdb-level control
---------------------

Control is implemented at the Class.get, Class.set and Class.create level. All
other methods must access nodes through these methods. Since all accesses go
through the database, we can implement deny by default.

Pros:

- easier to implement as it only affects one module
- smaller number of permissions to worry about

Cons:

- harder to determine the relationship between user interaction and hyperdb
  permission.
- a lot of work to define

User-interface control
----------------------

The user interfaces would have an extra layer between the code that parses
the request to determine the action and the action method itself. This layer
controls access. Since methods can be required to be registered with the
security mechanisms before a user can access them, deny by default is
possible.

Pros:

- much more obvious at the user level what the controls are

Cons:

- much more work to implement
- most user interfaces have multiple uses which can't be covered by a
  single permission

Logical control
---------------

At each point that requires an action to be performed, the security mechanisms
are asked if the current user has permission. A default of deny is not
possible in this situation, since a point that never asks is not restricted.

Pros:

- quite obvious what is going on
- is the current system

Cons:

- large number of possible permissions that may be defined, possibly
  mirroring actual user interface controls.

Applying controls to users
==========================

Individual assignment of Permission to User is unwieldy. The concept of a
Role, which encompasses several Permissions and may be assigned to many Users,
is quite well developed in many projects. Roundup will take this path, and
allow the multiple assignment of Roles to Users, and multiple Permissions to
Roles. These definitions will be stored in the hyperdb.
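
An added sketch (not Roundup's code, and not part of the original document) of the hyperdb-level approach combined with Roles: every ``get``, ``set`` and ``create`` asks one checker, and anything no Role grants is denied. The ``Security`` and ``GuardedClass`` names, the permission tuples and the sample users are assumptions made for illustration; role definitions are held in memory here rather than in the hyperdb.

```python
# Added example: hypothetical names, not Roundup's API.
class Unauthorised(Exception):
    """No Role held by the user grants the requested Permission."""


class Security:
    """Roles group Permissions; Users hold any number of Roles."""

    def __init__(self):
        self.role_permissions = {}  # role name -> set of permission tuples
        self.user_roles = {}        # user name -> set of role names

    def add_role(self, role, permissions):
        # A Permission is (action, classname, property); property None
        # means "every property of the class".
        self.role_permissions[role] = set(permissions)

    def assign(self, user, *roles):
        self.user_roles.setdefault(user, set()).update(roles)

    def permitted(self, user, action, classname, prop=None):
        wanted = {(action, classname, None), (action, classname, prop)}
        for role in self.user_roles.get(user, ()):
            if wanted & self.role_permissions.get(role, set()):
                return True
        return False  # unknown user, unknown role or no grant: deny


class GuardedClass:
    """Stand-in for a hyperdb class whose only entry points are checked."""

    def __init__(self, classname, security):
        self.classname = classname
        self.security = security
        self.nodes = {}

    def _require(self, user, action, prop=None):
        if not self.security.permitted(user, action, self.classname, prop):
            target = self.classname if prop is None else f"{self.classname}.{prop}"
            raise Unauthorised(f"{user} may not {action} {target}")

    def get(self, user, nodeid, prop):
        self._require(user, "get", prop)
        return self.nodes[nodeid].get(prop)

    def set(self, user, nodeid, **props):
        # Check every property before writing any, so a refused call
        # leaves the node unchanged.
        for prop in props:
            self._require(user, "set", prop)
        self.nodes[nodeid].update(props)

    def create(self, user, **props):
        self._require(user, "create")
        for prop in props:
            self._require(user, "set", prop)
        nodeid = str(len(self.nodes) + 1)
        self.nodes[nodeid] = dict(props)
        return nodeid


def build_tracker():
    """Constructed sample: roles named after the document's use cases."""
    security = Security()
    security.add_role("public", [
        ("create", "issue", None),
        ("get", "issue", None),
        ("set", "issue", "title"),
    ])
    security.add_role("developer", [("set", "issue", None)])
    security.assign("alice", "public")
    security.assign("bob", "public", "developer")  # several Roles, one User
    # "mallory" is deliberately given no Role at all.
    return GuardedClass("issue", security)


def outcome(call, *args, **kwargs):
    """Run a guarded call and report 'ok' or 'denied'."""
    try:
        call(*args, **kwargs)
        return "ok"
    except Unauthorised:
        return "denied"


if __name__ == "__main__":
    issue = build_tracker()
    nid = issue.create("alice", title="Crash on save")
    print(outcome(issue.set, "alice", nid, title="x", assignedto="bob"))
    print(outcome(issue.set, "bob", nid, assignedto="bob"))
    print(outcome(issue.get, "mallory", nid, "title"))
```
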

Use cases
=========

public
  end users that can submit bugs, request new features, request support
developer
  developers that can fix bugs, implement new features, provide support
manager
  approvers/managers that can approve new features and sign off bug fixes
admin
  administrators that can add users and set users' roles
system
  automated request handlers running various report/escalation scripts
privacy
  issues that are only visible to some users

Discussion
==========

Date: Thu, 2 May 2002 11:46:56 -0400
From: David_Byrne@cisgi.com
To: roundup-devel@lists.sourceforge.net

I've really appreciated roundup so far. It has been very easy to create my own
template that adds functionality for my specific purpose. One area, for my
needs, that does not seem to be currently addressed in roundup is roles of
users. I have various roles that the users of my instance of roundup can have.
I have:

1) end users that can submit bugs, request new features, request support.
2) developers that can fix bugs, implement new features, provide support
3) approvers/managers that can approve new features and sign off bug fixes
4) administrators that can add users and set users' roles
5) processors - this isn't totally thought out yet, but for me it would be an
   automated request handler that would run various production scripts.

Each of these roles needs to have specific functionality within the web client
(and possibly the email client -- but I haven't looked at that much yet). An
example is that I don't want end users to be able to assign a specific developer
to a problem or support issue. I think that some of my functionality can be
implemented via the detectors, but I haven't fully researched it yet.

So far, I have added a new class to the database called role which contains the
various roles outlined above. I have added a multilink in the user class to the
new role class. I have modified the base code in the cgi client to use the new
admin role when checking for admin instead of using the user id. I am working
on implementing the role for access to the individual forms and even specific
fields on the forms. Has anyone else done this or seen a need to do this?

I am planning on implementing this as an optional feature - basically the
security will be handled in a separate module so that a site could implement the
role functionality or exclude it by using the module that fits their needs. My
current changes to the admin checks would be pulled out into a separate
replaceable module. So if an implementation did not want to use roles, the
check would just check the user id to see if it was equal to "admin". In my
case, it would check the role of the user to see if it contained the admin role.

If anyone else is interested in this, I will send the patches in when I am
completed with this. If anyone else has worked on this (and hopefully gotten
farther than I), please let me know.

