[horde] Object Creator Permission
Jan Schneider
jan at horde.org
Sun Mar 1 11:41:49 UTC 2009
Zitat von Alfonso Marín Marín <almarin at um.es>:
> Hi all,
>
> We are trying to use kronolith shared calendars to manage shared
> resources (cars, meeting-rooms, etc). We need:
> - Only a group of users can see the calendars and make reservations
> - Every user can only edit or delete their own reservations.
>
> To achieve that, we are using:
> - SHOW and READ perms to that group of users.
> - MODIFY + DELETE to "creator object".
>
> It works, but we have a problem: the calendars are available for
> writing to all users because of the "creator object" permisson.
>
> It happend because kronolith (and in every horde application) checks
> only for EDIT permissions.
>
> So i have 2 questions:¿ Does another another permission combination
> exist to achieve that scenario?
No, and how should that work anyway? If the users wouldn't have
permissions to create events, how should they be able to modify/delete
them with their owner permissions at a later point?
> ¿Would it be reasonable checking for SHOW perms in creating
> aplication forms? I think that an user should create events from
> application UI only in those calendars that are accesible from the
> UI (i mean, only in those calendars with SHOW perms).
No, show is show, edit is edit. The difference is pretty clear and
changing the behavior would be unintuitive and confusing.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the horde
mailing list