id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
10421,Do we really need to implement permissions in this plugin?,rjollos,rjollos,I've been thinking lately about whether the permissions for this plugin offer any value. The plugin should be disabled for `anonymous` users_ but for other users_ what is the value of being able to grant the feature to some users_ and not other users? \r\n\r\nWhat use cases do people have for making use of the permissions? Would it be a problem to just drop the permissions from the plugin? The bookmarks feature seems to be pretty benign; I can't see the harm in providing it to everyone. Can anyone think of security holes that would be opened by dropping the permission? Dropping the permission would certainly simplify installation.\r\n\r\nThe `BOOKMARK_MODIFY` is not currently used_ and I can't see how it could be useful even as features are added. Is there a use case for allowing users to view bookmarks_ but not add them? The only use-case I think of is to provide users with a set of read-only bookmarks_ but can anyone actually envision using a feature like that in practice?\r\n\r\nAn alternative to permissions would be to have a user preference_ so that users not wanting the feature could disable it.\r\n\r\nWhat brought this to mind again_ and caused me to raise a ticket_ was the thought of suggesting to include the feature in the Bloodhound project_ and simplifying the installation in order to make that a more realistic possibility.,enhancement,closed,high,BookmarkPlugin,normal,wontfix,permissions,jun66j5,0.12