incubator-allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Van Steenburgh <tvansteenbu...@gmail.com>
Subject Documenting Tool Permissions
Date Wed, 17 Jul 2013 15:55:15 GMT
I'm working on https://sourceforge.net/p/allura/tickets/5517/ . In documenting permissions,
I'm finding places where things are not working as probably intended.

Consider the "save_searches", "configure", and "admin" permissions in the Tracker tool:
"save_searches" protects the individual methods on the BinController, but...
...user will not actually see the "Edit Searches" button in the sidebar unless he has the
"configure" permission; however...
even with the "configure" permission, user will get a 403 when clicking on the "Edit Searches"
button unless he also has the "admin" permission, b/c the BinController is mounted on the
TrackerAdminController

I have two proposals:

Remove the "save_searches" permission and include "Edit Searches" in the "configure" permission
Move the BinController off the TrackerAdminController and onto the Tracker RootController

Anyone have thoughts on this, or objections?


-- 
Tim Van Steenburgh


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message