| ~ | | Add site divisions within Review Board with permission checking. |
| | ~ | Add site divisions within Review Board. |
| | |
|
| | | This change adds a new app within RB called "site", which will be used to divide
|
| | | a single review board server with permissions barriers. At the moment, a
|
| ~ | | LocalSite has a name and a list of users who have access to that site. This is
|
| | ~ | LocalSite has a name and a list of users who have access to that site. This is
|
| | | related to various objects via a foreign key. If that relation is null, the
|
| ~ | | given object is treated as being totally open. If not, the requesting user is
|
| ~ | | checked against the users list. |
| | ~ | given object is treated as being totally open. If not, the requesting user will
|
| | ~ | be checked against the users list. |
| | + |
|
| | + | The plan is to namespace our URLs such that most views can either be at the root
|
| | + | (for example, "/r/1/") or prefixed with the LocalSite name ("/site-name/r/1/").
|
| | + | If an object has a LocalSite set, it must be accessed via the URL with the
|
| | + | name. While many objects will have pks that are universally the same (comments,
|
| | + | for example), we want it to appear as if, for all intents and purposes, they
|
| | + | have their own reviewboard instance running in a rooted name. |
| | + |
|
| | + | The one special object as far as IDs go is ReviewRequest. This has both a pk and
|
| | + | a "local_id" field. The local_id is a special field which is unique among all
|
| | + | ReviewRequests that have the same local_site. This allows us to give the sites
|
| | + | their own ID namespaces, since people will be passing the IDs on the
|
| | + | command-line for post-review. |
