Chapter 3. Permissions and Security
Our knowledgebase plugin adds extra content to Redmine projects in the form of categories and articles. These new content areas may contain sensitive information, which we would want to restrict certain users from accessing.
As there are different levels of users in Redmine for issue reporting and management, it is only natural that we would want to restrict access to the content in our knowledgebase plugin in a similar fashion.
This chapter will introduce the Redmine permission system and tells us how we can take advantage of it to restrict access to content areas within our plugin.
We will cover the following topics in this chapter:
Summarizing Redmine's permissions system
Declaring custom permissions
Ensuring access restrictions in models, views, and controllers
Understanding custom content access control
