Ticket #1679 (new enhancement)

Opened 2 years ago

Last modified 23 months ago

Default roles problem

Reported by: dread
Owned by:
Priority: awaiting triage
Milestone: ckan-backlog
Component: ckan
Keywords:
Cc: kindly
Repository: ckan
Theme: none


The 'editor', 'anon_editor' and 'reader' roles are intended to have immutable actions. This was designed to prevent their names being subverted - e.g. an editor should always be able to edit! It also meant that when we add Actions (e.g. DELETE-PACKAGE) then it can be added sensibly to these roles in an upgrade just by changing the defaults table (ckan/model/authz.py).

The problem is that this immutability is only enforced on 'db upgrade'. So you can happily change the editor role using the paster command and it works, right up until you do an upgrade and realise permissions are different.

We should stop the paster commands being able to edit these roles. Or get rid of the immutability completely. Views?
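
The gap described in this ticket, as an added example that is not part of the ticket or CKAN's code: a write-time guard for the default roles plus a drift check that shows what an upgrade would silently reset. `RoleStore`, `ImmutableRoleError`, `set_actions`, `drift`, `upgrade` and the action names are hypothetical; only the three role names come from the ticket.

```python
# Constructed stand-in for the defaults table the ticket places in
# ckan/model/authz.py. Role names are from the ticket; actions are assumed.
DEFAULT_ROLE_ACTIONS = {
    "editor": frozenset({"read", "edit", "create-package"}),
    "anon_editor": frozenset({"read", "edit"}),
    "reader": frozenset({"read"}),
}


class ImmutableRoleError(Exception):
    """Raised when a caller tries to change a default role's actions."""


class RoleStore:
    """Hypothetical in-memory role/action table, not CKAN's model."""

    def __init__(self):
        self.role_actions = {r: set(a) for r, a in DEFAULT_ROLE_ACTIONS.items()}

    def set_actions(self, role, actions, enforce=True):
        # enforce=False models the behaviour the ticket reports: the edit
        # is accepted and works until the next upgrade.
        if enforce and role in DEFAULT_ROLE_ACTIONS:
            raise ImmutableRoleError(f"{role!r} is a default role")
        self.role_actions[role] = set(actions)

    def drift(self):
        """Return default roles whose stored actions differ from the defaults."""
        report = {}
        for role, expected in DEFAULT_ROLE_ACTIONS.items():
            actual = self.role_actions.get(role, set())
            if actual != expected:
                report[role] = {"missing": sorted(expected - actual),
                                "extra": sorted(actual - expected)}
        return report

    def upgrade(self):
        """Reset default roles to the defaults table; return what changed."""
        changed = self.drift()
        for role, expected in DEFAULT_ROLE_ACTIONS.items():
            self.role_actions[role] = set(expected)
        return changed


if __name__ == "__main__":
    store = RoleStore()
    store.set_actions("editor", {"read"}, enforce=False)  # unguarded edit
    print("drift before upgrade:", store.drift())
    print("reset by upgrade:", store.upgrade())
```

Running the drift check before an upgrade lists the permission changes the upgrade would otherwise make without notice.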

