Ticket #1679 (new enhancement)
Default roles problem
| Reported by: | dread | Owned by: | |
|---|---|---|---|
| Priority: | awaiting triage | Milestone: | ckan-backlog |
| Component: | ckan | Keywords: | |
| Cc: | kindly | Repository: | ckan |
| Theme: | none |
Description
The 'editor', 'anon_editor' and 'reader' roles are intended to have immutable actions. This was designed to prevent their names being subverted - e.g. an editor should always be able to edit! It also meant that when we add Actions (e.g. DELETE-PACKAGE) then it can be added sensibly to these roles in an upgrade just by changing the defaults table (ckan/model/authz.py).
The problem is that this immutability is only enforced on 'db upgrade'. So you can happily change the editor role using the paster command and it works, right up until you do an upgrade and realise permissions are different.
We should stop the paster commands being able to edit these roles. Or get rid of the immutability completely. Views?
Note: See
TracTickets for help on using
tickets.
