38 | | It doesn't work to ask our customers to [TracMultipleProjects/SingleEnvironment share the same Trac instance]. Customers need privacy, and Trac isn't yet up to the task of [TracDev/SecurityBranch managing fine-grained permissions] on individual [WikiContext resources]. Sometimes we're working on proprietary software that ''must'' be kept private, but even when we're working on open source, customers generally feel more comfortable when their issues are not exposed to the world. |
| 38 | * creation and initialization of new trac instances |
| 39 | * setting up common user permissions |
| 40 | * making trac.ini adjustments across all projects |
| 41 | |
| 42 | == What's Wrong with TracMultipleProjects/SingleEnvironment? == |
| 43 | |
| 44 | It doesn't work to ask our customers to share the same Trac instance. Customers need a sense privacy. Sometimes we're working on proprietary software that ''must'' be kept private, but even when we're working on open source, customers generally feel uncomfortable when all their issues are not automatically exposed to the world. |
| 45 | |
| 46 | Although there's been some work in this area, Trac can't yet give my customers the privacy they need. There are at least two areas that need work in Trac to change that: |
| 47 | |
| 48 | * TracDev/SecurityBranch (which, despite its name, is on Trac's trunk now) needs to be extended to cover [WikiContext Trac resources] other than Wiki pages. |
| 49 | * A flexible and automatic way to attach these permissions to resources upon creation. In my usage model, when a customer enters a ticket, it should be visible to and writable by everyone in his company and everyone in my company, but nobody else. Also, I occasionally need to create a ticket myself, with those same properties, and assign it to the customer. These capabilities are outside the scope of TracDev/SecurityBranch, so they need to be addressed separately. The [http://trac-hacks.org/wiki/PrivateTicketsPlugin Private Tickets Plugin] can do the first part of the job for me (using the old permissions system), but not the second. |
| 50 | |
| 51 | Naturally, the same kinds of issues apply to other resources such as Milestones. Upon creation by a customer, they need to be private to that customer and (some subset of) my people. When ''I'' create these resources there needs to be an ''easy'' way to make them private to a particular customer's company. And I'm sure that other people will have vastly different "permission workflow" requirements than I do, so it needs to be flexible. |