[Labs-l] Per-project service users and groups
Ryan Lane
rlane at wikimedia.org
Tue Mar 19 20:45:00 UTC 2013
On Tue, Mar 19, 2013 at 1:19 PM, Marc A. Pelletier <marc at uberbox.org> wrote:
> On 03/19/2013 04:09 PM, Andrew Bogott wrote:
> > I'm starting to write the php code to create/delete groups and
> > and/remove members, and I think I don't have all the info I need here.
> > Can you run down an example or two? Specifically, I'm not clear how a
> > given user is given membership in a specific group.
>
> Any current member of the group can add a project user to the group, and
> the user who created the group gets automatically added.
>
> Removing is an interesting question. I would say that anyone can remove
> oneself, and project admins can remove anyone; but that nobody can
> remove the last user. The service user itself is always a member of the
> group and can never be removed (and should probably not even be
> displayed in the interface).
>
>
We should create the group first, then use the gid from the group as the
user's primary group. Then we don't need to worry about displaying it in
the group. It also solves the "what group should use as the gid" problem
below.
Either we should restrict membership changes to projectadmin or we should
let anyone in the group add anyone else. I like the latter, as it's less
complicated.
Deleting a service group/user should be restricted to project admins.
>
>
+1
> I'm not sure if we want to restrict service group/user *creation*. If
we do, it has to be project admins.
>
>
I think it's fine to let anyone create users.
- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130319/790cfbf7/attachment.html>
More information about the Labs-l
mailing list