[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bricolage-devel
Subject:    RE: mods to permissions
From:       "Beaudet, David P." <D-Beaudet () NGA ! GOV>
Date:       2007-01-04 15:41:21
Message-ID: D9576F6F90F1BB4FA35FD9B4EAA30DE6B6A2DB () sv-e2kb-tdp ! nga ! gov
[Download RAW message or body]


Here's a patch for the distinct desk permissions.  I also added a global
configuration directive called "ENFORCE_DESK_PERMS_DISTINCTLY" to
control this behavior from bricolage.conf

Also, I had submitted a patch a couple of months ago for desk.mc that
prevents the delete checkbox from displaying for an asset that is
currently checked out to another user.  I moved that check into User.pm
instead so that it's consolidated with the rest of the permissions code.
This change is also included in the patch.

=20

-----Original Message-----
From: slanning@localhost.localdomain
[mailto:slanning@localhost.localdomain] On Behalf Of Scott Lanning
Sent: Thursday, January 04, 2007 4:54 AM
To: devel@lists.bricolage.cc
Subject: RE: mods to permissions

On Wed, 3 Jan 2007, Beaudet, David P. wrote:
> Under my current mods, a user has access to the LESSER of their
highest
> asset permissions and highest desk permissions.
>
> Without this distinction, a user can subvert the workflow / desk
> permissions by simply searching for and editing a story even though
that
> story is currently on a desk for which the user has no permissions.

Cool, that's a problem we have also.

["desk_permissions.zip" (application/x-zip-compressed)]

[prev in list] [next in list] [prev in thread] [next in thread]