r151 of the xmlrpc service

The r151 version attempts to add some security within the xmlrpc service itself, by checking to see if the requesting agent is a member of the group being modified, and has the permission to do the modification requested.

There is now an r152 with updates to this feature (groupEnforceGroupPerms) -- and it has been partially tested (changing active group and changing a group charter.) More testing to see if people can do things they're not supposed to be able to do is needed.

Group Access Lists

Limiting access to parcels using a group access list. An untested patch is available on the downloads page at http://code.google.com/p/flotsam/downloads/list

Direct Access to xmlrpc service

The xmlrpc service itself is vulnerable to hackers. It would be helpful if someone could attempt to create a test framework that connects directly to the xmlrpc service and attempts to do things like add members to groups, or change their roles.

Verify existing issues

Many of the existing issues have been solved but unverified. Any assistance checking over the existing issues to see if they're still a problem would be greatly appreciated: http://code.google.com/p/flotsam/issues/list

Test check list

The following should always work

1. Create Group
2. Edit group properties such as Charter, Insignia, Show in Search, Open Enrollment, mature content
3. Invite Members {they should get a popup}
4. Eject Members {they should be notified}
5. Add roles
6. Assign members to roles
7. Change role abilities/powers
8. Create notices
• Only notices without attachments are supported at the moment
9. Deeding land to groups

The following is assumed for the above:

• All users are online on the same grid
• Users are all in regions with xmlrpcgroups module
• all regions are using the same xmlrpc groups server

There is some cross grid functionality, but little has been tested please drop me feedback if you use it letting me know what worked and what didn't.