[turba] turba permissions....
Marko Djukic
marko at oblo.com
Wed Feb 26 16:15:12 PST 2003
Amith, try what i just committed.
This fixes the viewing of sources marked as "public", but it does not fix the
editing of these sources. Don't think we can assume that public sources are
editable if there is no owner field. We need an extra bit of info to determine a
public source which is private, hence editable when no user.
- If this is only personal_ldap case do we put a fix in for just that?
- Or do we put a fix in for example checking any source which has "personal_" as
the start of their name is assumed to be personal hence full permissions?
- Or another setting in sources? personal true/false... ideally it would be good
to be able to set a three step field: personal/owner/public scope since they are
mutually exclusive and define the permissions behaviour well (plus reduce the
ever growing number of settings to fiddle with).
marko
Quoting Chuck Hagenbuch <chuck at horde.org>:
> Quoting Amith Varghese <amith at xalan.com>:
>
> > I'm running CVS HEAD and I have a problem with the checkPermissions
> > function in lib/Turba.php. The problem is that I'm trying to view an
> > entry in an addressbook and I get "You do not have permission to view this
> > object".
>
> Marko - what do you want to do about this? Personal LDAP addressbooks are
> going to have this problem, since they don't have an owner field, but the
> LDAP server takes care of the auth for us, so anything a user gets back is
> going to be theirs.
>
> -chuck
>
> --
> Charles Hagenbuch, <chuck at horde.org>
> must ... find ... acorns ... *thud*
>
> --
> Turba mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: turba-unsubscribe at lists.horde.org
>
More information about the turba
mailing list