[Mailman-Developers] Soliciting feedback on idea for rounding out the permissions model.

Andrew Stuart andrew.stuart at supercoders.com.au
Mon Feb 16 01:39:30 CET 2015 

I had an idea about rounding out the Mailman permissions model, interested in hearing thoughts on it. Obviously there has been considerable discussion on this topic before.

Mailman already carries much of the information needed for determining user permissions to Mailman resources. Only two things are missing: 1: the ability to define a user as being a “serverowner”
2: the ability to define a user as being a “domainowner”

(You’ll need to look at this email in plain text to see the table properly).

The Mailman permissions model currently looks like this:

resource_type     roles             resource_id        user_identifier   where to find permission
---------------------------------------------------------------------------------------------------------
user              userowner         n/a                UUID              (defined in user record)    
list              listowner         list_id            subscriber        (defined in list member record)
list              listmember        list_id            subscriber        (defined in list member record)
list              listmoderator     list_id            subscriber        (defined in list member record)
list              listnonmember     list_id            subscriber        (defined in list member record)

I am suggesting adding two further permissions to the existing permissions model, which would look like this: 

resource_type     roles             resource_id        user_id           where to find permission
---------------------------------------------------------------------------------------------------------
server            serverowner       n/a                UUID              (not currently defined in Mailman)
domain            domainowner       mail_host          UUID              (not currently defined in Mailman)


To implement, it would need to be possible to define as user as being a ‘serverowner’, and also to be able to define a user as being a ‘domainowner’ for any given domain. 

If it were possible to do so within the Mailman core then there would be a completely usable permissions model entirely within Mailman, and no need to store any additional permissions data outside Mailman. The permissions model would allow definition of user access to any Mailman resource including domains and servers.

The interpretation of the permissions would still be up to the application that consumes the REST API, as is currently the case.

Thoughts?

as

More information about the Mailman-Developers mailing list