[whups] About whups permissions and whups:admi
Mathieu CLABAUT
mathieu.clabaut at free.fr
Thu Jan 27 08:46:35 PST 2005
On Thu, 27 Jan 2005, Chuck Hagenbuch wrote:
> Quoting Mathieu CLABAUT <mathieu.clabaut at free.fr>:
>
>> At first, I needed to give administration rights for whups to somebody
>> which has non need to have administration rights over the whole horde
>> framework. I tried to set up an whups:admin permission, but was unable
>> to set it without modifying
>> whups/lib/api.php:_whups_getTicketDetails() by applying the following
>> patch given bellow.
>
> You mean _whups_perms? Anyways, yes, that patch is needed, I'm committing it.
>
>> Then the user newly privileged was unable to see the existing queues.
>> I need for each queue to give him admin privileges.
>>
>> I indeed see teh following comment in
>> lib/Whups.php:permissionsFilter() :
>> // We purposely DO NOT use Auth::isAdmin('whups:admin') here,
>> // since admins local to Whups still need to be granted
>> // permission to the queues that they will administer.
>
> Maybe we should change this assumption. Opinions?
Mhhh, I may be biased, but the following hierarchy seems sound to me :
Global level admin (horde/config/conf.php)
+ Application level admin (application:admin permission)
+ Object level admin (application defined, like queue permission for
whups)
And I see no valid reason to bypass the application level.
-mat
--
________________http://www.gnu.org/philosophy/no-word-attachments.fr.html
Mathieu CLABAUT mailto:mathieu.clabaut at free.fr
F2F5 442F F2AC E1D5 9D31 3EFC 842A BC4A 123B 9A65
More information about the whups
mailing list