[Cubicweb] Adding a "everyone" permission group

Aurélien Campéas aurelien.campeas at logilab.fr
Thu Dec 11 12:24:33 CET 2014


Le 11/12/2014 12:15, Christophe de Vienne a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi everyone,
> 
> In cubicweb, the default rdef read permission is ("managers", "users",
> "guests"), which actually means, in this context: everyone can read it.
> 
> If a user is not member of any of this groups, the relations are not
> readable anymore, and fixing it requires to patch the permissions of
> all the relations of the model.
> 
> The issue has a ticket of its own:
> 
>     http://www.cubicweb.org/ticket/3154558
> 
> The proposed patch (http://www.cubicweb.org/patch/3155801) uses the
> tuple as a special value to detect which rdef has a "everyone" read
> permission.
> 
> This solution does not seem satisfying to me, because it is
> semantically false: ("managers", "users", "guests") may willingly not
> be everyone.
> 
> Hence, I think it is time to discuss the introduction of a virtual
> permission group: "everyone".

"anyone" ? :-p

> 
> Alternative names could be "system.everyone", or "cw.everyone", if we
> want to avoid name collision with potentially existing groups (I doubt
> it would be a problem though).
> 
> How to you feel about this proposal ?
> 
> Could we work on it for cw 3.21 for example ?

I can certainly adjust the above patch is this direction.
Will not take a huge amount of time.


Regards,
Aurélien.





More information about the Cubicweb mailing list