Redo the permission model
Created by: riyad
we should think of not making "higher" roles include all below, but allowing enabling/disabling permissions separately. They may be "grouped by purpose" and have levels (e.g. none, limited, full):
- guest = none everything
- master = full everything
- project management
- none = you are a minion ;)
- limited = add/remove/promote team members
- full = change project settings/group/...
- issue management
- none = read issues, notes
- limited = create issues, notes
- full = also close/tag issues
- coding
- none = browse code, pull code
- limited = also push to prefixed branch (prefixed with username), create merge request, create snippets
- advanced = also push to all non-protected branches, accept/close/tag merge request
- full = also push to protected branches, push tags, manage protected branches
- documentation
- none = read wiki pages
- full = CRUD wiki pages
Each of "project management", "issue management", "coding", "documentation" permissions could be set independently to a different level for each team member. This should give us a lot more flexibility. :D