[dev] Object_creator Permissions

[Jan Schneider]

Zitat von Michael Menge <michael.menge at zdv.uni-tuebingen.de>:

> Hi,
>
> At the moment i have some trouble with shares, see Bug #4021 and
> feature request #4063. I would like to help in solving this problem. Here is
> my proposel how i think the share system should handle the object_creator.
>
> ---------------
> We have the Permissions SHOW, READ, EDIT, DELETE and CREATE
>
> If object_creator has the SHOW permission a user should only see a share if
> there are objects in the share he owns.

No, shares don't know about their objects.

> In this case the user should only see objects he owns.

This is how it works today.

> How the user could create the object is not the matter at this place
>
> If object_creator has the READ permission a user should only be able to READ
> the objects he owns. Same for EDIT and DELETE

Should be the case already.

> If object_creator has the CREATE permission and the user owns an object that
> is a share itself the user would be able to create entries in the subshare,
> but not to create other objects in the share itself. To create a new
> object in a
> share the user must have CREATE permission set for him or for a group he is
> in.

Huh? I think you confuse shares and objects here.

> Maybe we need a way for the owner of the share to change ownership of object
> in his share.

This is already possible with event delegation in Kronolith.

> ----------------------------------------------------------------------------
>
> At the moment it is not tested if there are objects in a share that
> are created by the user so every user has the right to see a share and
> to add new objects in a share if the object_creator has SHOW or EDIT
> permission

Yes, and that's how it is supposed to work. Share permissions have  
nothing to do with the objects in the share, only objects are affected  
by the share permissions.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/