Summary
Restricting access to various content areas and limiting what users can do with existing content are the primary functions of Redmine's permission system.
In this chapter, we learned how Redmine manages permissions, how we can add our own controllers and actions to a permissions list, and how to enforce these permissions in our views.
We also explored a case study and provided a whitelist approach to restricting content in a more granular fashion than Redmine provides in its core libraries.
In the next chapter, we'll be adding file attachments to our plugin's models.