[Cubicweb] Adding a "everyone" permission group

Christophe de Vienne christophe at unlish.com
Thu Dec 11 12:15:33 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

In cubicweb, the default rdef read permission is ("managers", "users",
"guests"), which actually means, in this context: everyone can read it.

If a user is not member of any of this groups, the relations are not
readable anymore, and fixing it requires to patch the permissions of
all the relations of the model.

The issue has a ticket of its own:

    http://www.cubicweb.org/ticket/3154558

The proposed patch (http://www.cubicweb.org/patch/3155801) uses the
tuple as a special value to detect which rdef has a "everyone" read
permission.

This solution does not seem satisfying to me, because it is
semantically false: ("managers", "users", "guests") may willingly not
be everyone.

Hence, I think it is time to discuss the introduction of a virtual
permission group: "everyone".

Alternative names could be "system.everyone", or "cw.everyone", if we
want to avoid name collision with potentially existing groups (I doubt
it would be a problem though).

How to you feel about this proposal ?

Could we work on it for cw 3.21 for example ?


Christophe

PS: Unlish needs this, and we currently workaround the issue with a
monkey-patch built from the patch mentioned above).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUiXzVAAoJEFATnylB+5mRYDMIALbN/B5flDbJ0tGWfcCbJMbG
3f1pgGDFbkl0Ht1hKAwfawOFsBtHZdv/K3QtKXF8uN9MR4mlsyOuMbC8sFF06Tvx
UxNAGTaeUQVTqe7ancLsOcdgPBPa+SQR7RfQm9cj5njLPmD6zNsvH3rpxzbViWhk
ObbsfOpWQIxry4NPx+QRSG16t3WQ2Zm2VFNTQlIE89io1Pnmwv0Hg+0pbtUrCts5
DjI0NBbbdvR1upd4Kk/P3VC7H1tCerwGz4Lq1SfpJ0FAeY6hhSSJ96N/Ja5cWVcS
9vqgFjPPt1RpRzsEHnqnz3ts0K42z6MS0I3UtBM1Wq6l6LNgST9E+uJzZhgLbRg=
=YBWl
-----END PGP SIGNATURE-----



More information about the Cubicweb mailing list