[dev] Horde Perms

Gonçalo Queirós goncalo.queiros at portugalmail.net
Sun Aug 14 02:00:42 UTC 2011


On 08/13/2011 02:44 PM, Jan Schneider wrote:
>
> Zitat von goncalo.queiros at portugalmail.net:
>
>> Hi there.
>>  Started to dedicate some attention to Horde Perms, and there seems 
>> to be
>> some odd behaviors with it:
>>
>>  - If i give to user A permission to kronolith:max_events = 2, he 
>> will be
>> able to create only 2 events, but every other user won't be able to 
>> create
>> any event.
>>  I then give all authenticated users permission to create 5 events, 
>> and my
>> user A will now be able to create 5 events too. Digging the code i 
>> saw that
>> Horde_Perms just returns to Kronolith an array('2', '5'), and then
>> Kronolith uses the max of the array.
>>  As a user pointed on the IRC, i could add all users to a group, give 
>> that
>> group permissions to create 5 events, and give user A permission to 
>> create
>> 2. While this would probably fix the problem, it doesn't seem right 
>> because
>> every time a user registers i would need to add him to this group.
>
> There's nothing odd about this. Permissions are additive. You cannot 
> further restrict permissions that a user gained by other permissions.
Sorry, but i don't understand how does it make sense. If I deny a 
permission to a specific user, im also obliged to allow the permission 
to all access users (otherwise, none will have it), and since they are 
additive, it actually doesn't matter what i set to the specific user.
Currently you can't deny access to one user to an application, and still 
allow all authenticated users to access it..

Thanks, Gonçalo


More information about the dev mailing list