[Cubicweb] Adding a "everyone" permission group
aurelien.campeas at logilab.fr
Thu Dec 11 12:24:33 CET 2014
Le 11/12/2014 12:15, Christophe de Vienne a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi everyone,
> In cubicweb, the default rdef read permission is ("managers", "users",
> "guests"), which actually means, in this context: everyone can read it.
> If a user is not member of any of this groups, the relations are not
> readable anymore, and fixing it requires to patch the permissions of
> all the relations of the model.
> The issue has a ticket of its own:
> The proposed patch (http://www.cubicweb.org/patch/3155801) uses the
> tuple as a special value to detect which rdef has a "everyone" read
> This solution does not seem satisfying to me, because it is
> semantically false: ("managers", "users", "guests") may willingly not
> be everyone.
> Hence, I think it is time to discuss the introduction of a virtual
> permission group: "everyone".
"anyone" ? :-p
> Alternative names could be "system.everyone", or "cw.everyone", if we
> want to avoid name collision with potentially existing groups (I doubt
> it would be a problem though).
> How to you feel about this proposal ?
> Could we work on it for cw 3.21 for example ?
I can certainly adjust the above patch is this direction.
Will not take a huge amount of time.
More information about the Cubicweb