Loading...
 

Tikiwiki-devel (mailman list mirror)


List and view permission for trackers

posts: 6984 Israel

Mistyping:

> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.

He can see only those he have access, still there are many case you don’t want the user to be able to view the list of the trackers and only the items.


> On 14 Sep 2017, at 13:35 , Bernard Sfez <me@bsfez.com> wrote:
>
> Hello Devs,
>
> Can list trackers (tiki_p_list_trackers) === to LIST all the trackers
> Can view trackers (tiki_p_view_trackers) === to be able to view tracker items
>
> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.
> (I’m not sure what is for tiki_p_list_trackers then)
>
> May be the behavior changed in time (or something was broken) but in my mind we have those 2 permissions to separate listing control over items view.
> IE: Someone can see items in trackers but not list all the existing trackers.
>
> Should I set this back ?
>
> Bernard
>
>
>
>



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
TikiWiki-devel mailing list
TikiWiki-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel

posts: 3190 United Kingdom

Hi B

Not sure what you’re asking here - that tiki_p_list_trackers should be used to control who can see trackers in a list, regardless of tiki_p_view_trackers (which seems to be more about tracker items than trackers)?

Or is that how it is now? (not totally clear from a quick search of the code but that seems to be what’s set up in \ObjectLib::get_needed_perm)

jb



> On 14 Sep 2017, at 11:37, Bernard Sfez <me@bsfez.com> wrote:
>
> Mistyping:
>
>> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.
>
> He can see only those he have access, still there are many case you don’t want the user to be able to view the list of the trackers and only the items.
>
>
>> On 14 Sep 2017, at 13:35 , Bernard Sfez <me@bsfez.com> wrote:
>>
>> Hello Devs,
>>
>> Can list trackers (tiki_p_list_trackers) === to LIST all the trackers
>> Can view trackers (tiki_p_view_trackers) === to be able to view tracker items
>>
>> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.
>> (I’m not sure what is for tiki_p_list_trackers then)
>>
>> May be the behavior changed in time (or something was broken) but in my mind we have those 2 permissions to separate listing control over items view.
>> IE: Someone can see items in trackers but not list all the existing trackers.
>>
>> Should I set this back ?
>>
>> Bernard
>>
>>
>>
>>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world’s most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> TikiWiki-devel mailing list
> TikiWiki-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
TikiWiki-devel mailing list
TikiWiki-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel

posts: 6984 Israel

Hi Jonny,

I agree with that;
> tiki_p_list_trackers should be used to control who can see trackers in a list
> tiki_p_view_trackers (which seems to be more about tracker items than trackers)

It is actually not the case anymore.
>>> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.
(meaning with tiki_p_view_trackers check but tiki_p_list_trackers uncheck)

A regression IMO.

B



> On 18 Sep 2017, at 19:37 , Jonny Bradley <jonny@tiki.org> wrote:
>
> Hi B
>
> Not sure what you’re asking here - that tiki_p_list_trackers should be used to control who can see trackers in a list, regardless of tiki_p_view_trackers (which seems to be more about tracker items than trackers)?
>
> Or is that how it is now? (not totally clear from a quick search of the code but that seems to be what’s set up in \ObjectLib::get_needed_perm)
>
> jb
>
>
>
>> On 14 Sep 2017, at 11:37, Bernard Sfez <me@bsfez.com> wrote:
>>
>> Mistyping:
>>
>>> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.
>>
>> He can see only those he have access, still there are many case you don’t want the user to be able to view the list of the trackers and only the items.
>>
>>
>>> On 14 Sep 2017, at 13:35 , Bernard Sfez <me@bsfez.com> wrote:
>>>
>>> Hello Devs,
>>>
>>> Can list trackers (tiki_p_list_trackers) === to LIST all the trackers
>>> Can view trackers (tiki_p_view_trackers) === to be able to view tracker items
>>>
>>> Actually a user with ONLY tiki_p_view_trackers perms can list all the trackers, including those he don’t have access.
>>> (I’m not sure what is for tiki_p_list_trackers then)
>>>
>>> May be the behavior changed in time (or something was broken) but in my mind we have those 2 permissions to separate listing control over items view.
>>> IE: Someone can see items in trackers but not list all the existing trackers.
>>>
>>> Should I set this back ?
>>>
>>> Bernard
>>>
>>>
>>>
>>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world’s most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> TikiWiki-devel mailing list
>> TikiWiki-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world’s most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> TikiWiki-devel mailing list
> TikiWiki-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
TikiWiki-devel mailing list
TikiWiki-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel


Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.