[Cubicweb] Adding a "everyone" permission group
Christophe de Vienne
christophe at unlish.com
Thu Dec 11 12:15:33 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
In cubicweb, the default rdef read permission is ("managers", "users",
"guests"), which actually means, in this context: everyone can read it.
If a user is not member of any of this groups, the relations are not
readable anymore, and fixing it requires to patch the permissions of
all the relations of the model.
The issue has a ticket of its own:
The proposed patch (http://www.cubicweb.org/patch/3155801) uses the
tuple as a special value to detect which rdef has a "everyone" read
This solution does not seem satisfying to me, because it is
semantically false: ("managers", "users", "guests") may willingly not
Hence, I think it is time to discuss the introduction of a virtual
permission group: "everyone".
Alternative names could be "system.everyone", or "cw.everyone", if we
want to avoid name collision with potentially existing groups (I doubt
it would be a problem though).
How to you feel about this proposal ?
Could we work on it for cw 3.21 for example ?
PS: Unlish needs this, and we currently workaround the issue with a
monkey-patch built from the patch mentioned above).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
More information about the Cubicweb