Redmine

Hi all,

While waiting for #337 (private issue) I think of an alternative to protect the contents of every posts (issue's description, journal notes, comments, messages, etc.) The idea is inspired from Apache .htaccess: To protect any contents, I add some directives at the very begining of the text, for e.g.,

{{{
  allow @Assignable, user1;
  deny user2, @User
}}}
The contents of the messages (would be denied from user2 and all users has role User)

I implemented successfully such feature for my site. (For example, when accessing http://viettug.org/wiki/rocky/Text_Permission you would see Contents protected).

Technical said, I override attribute methods in the models. For example, redefine description for News class. And I have to write a common function to parse the directives {{{...}}}. There are some small troubles when users edit the protected contents, but this depends on how the manager set the rules for the projects. When it is stable enough I would announce the source/patch (I cannot implement it as a module. I hacked the Redmine code instead.)

When implementing the feature, I note that we should need a common way/hook for object's attributes (:description for :issue, :notes for :journal, etc), and the common way to use them. For example, some places in the Redmine source (0.8.5) uses object.attribute, some other places use object.read_attribute(:attribute_name) to get the contents. I found that way was hard to maintain.

I post my idea here and hope it may be useful.

Regards,

PS: I am sorry for my poor English.