[turba] turba permissions....

Amith Varghese amith at xalan.com
Wed Feb 26 11:53:58 PST 2003


> This fixes the viewing of sources marked as "public", but it does not fix the
> editing of these sources. Don't think we can assume that public sources are
> editable if there is no owner field. We need an extra bit of info to
> determine a
> public source which is private, hence editable when no user.

Well I think we should define what public means.  I think i'm a little bit
unclear.  I marked the personal address book as *not* public because I don't
consider it public.  Its a Personal Address Book.  I dont' think it should have
public access.  However I realize my interpretation might be a little different
than what others think.


> - If this is only personal_ldap case do we put a fix in for just that?
> - Or do we put a fix in for example checking any source which has "personal_"
> as

i would be sort of against these two, they just don't sound like the right way
to fix this

> the start of their name is assumed to be personal hence full permissions?
> - Or another setting in sources? personal true/false... ideally it would be
> good
> to be able to set a three step field: personal/owner/public scope since they
> are
> mutually exclusive and define the permissions behaviour well (plus reduce the
> ever growing number of settings to fiddle with).

I don't know if you saw my earlier post, but I kind of got around this by
setting the admin of the personal address book as Auth::getAuth().  So maybe we
don't need to do anything (maybe just need to comment sources.php.dist some more?)

I think you should let us know what your definition of public is... i think we
can figure something out if we all have the same definition of "public"

Thanks
Amith




More information about the turba mailing list