ROADMAP_VIEW / MILESTONE_VIEW privilege

[dave@…]

roadmap.py is checking for ROADMAP_VIEW, which will only work as long as one keeps the ROADMAP_VIEW permission for anonymous that's set up by db_default.py. Once you delete that, nobody without WIKI_ADMIN privileges can look at the roadmap, because you can create MILESTONE_VIEW privs to your hearts content but they'll be ignored.

[Matthew Good]

I assume you mean MILESTONE_ADMIN, not WIKI_ADMIN. The MILESTONE_VIEW permission works as documented, allowing a user to view individual milestones. The ROADMAP_VIEW permission is required to view the roadmap.

[David Abrahams <dave@…>]

No, I did not mean MILESTONE_ADMIN, I really meant WIKI_ADMIN. Ooooh, I see, ROADMAP_VIEW and MILESTONE_VIEW are distinct concepts. That's a bit confusing because I'm sure I saw it documented somewhere that all the MILESTONE_* privileges used to be called ROADMAP_*, so I assumed ROADMAP_VIEW was obsolete.

Well, all I can tell you is that I had MILESTONE_ADMIN set, and still could not view the roadmap page. Is that the expected behavior? If so, IMO it should be documented as such.

[Christian Boos]

The ROADMAP_VIEW could be replaced by MILESTONE_LIST.

(similar to the ATTACHMENT_LIST permission introduced in the source:sandbox/security branch)

[Christian Boos]

See also #3022. We should eventually remove all ROADMAP_* permissions.

[Ryan J Ollos]

The Roadmap doesn't present any information that the user wouldn't already have access to with MILESTONE_VIEW. We could just use MILESTONE_VIEW to determine whether the Roadmap navigation item is present. Fine-grain permission checks when listing the milestones in the /roadmap view could determine which milestones are displayed.

In #1233, I'm considering to propose that Versions also be listed on the Roadmap. In that case, we could want the Roadmap navigation item to be present when the user has either MILESTONE_VIEW or VERSION_VIEW, and to perform fine-grained permission checks on each resource before displaying it in the /roadmap view.