changed:
-
While I was implementing the then-new security model for Roundup (ie. the 
current one ;) I had to decide whether to have separate actions for "edit" 
and "create". At the time, I couldn't come up with a reason for supporting 
both. I think I made a mistake, and we really do need them separated.

o Registration of new users. We don't want anonymous users editing or viewing
  user records, but we do need them to be able to create one. Rego is
  currently broken because of this.

o Anonymous submission of issues. Again, no access to existing issues, but 
  we should allow anonymous creation of them.

So I'm going to look into adding creation to the standard set of permissions.


From unknown Fri Jul 16 23:22:55 -0400 2004
From: 
Date: Fri, 16 Jul 2004 23:22:55 -0400
Subject: Subgroups
Message-ID: <20040716092255-0400@www.mechanicalcat.net>

The idea of subgroups fits in with extending permissions. We want a way to put users into groups (maybe more than one) and issues into groups (again, maybe more than one) and only users  in the same group as an issue can see the issue - or even be aware it exists.
We would use this to effectively partition the tracker into client areas were company staff can see all issues but clients can only see their own. However, we could also create a product area and give all clients with an interest in the product access (maybe only view access) to the issues.

We've looked at doing this with nosy lists but it doesn't fit neatly with the security model.