Ticket #2863 (new defect)

Opened 21 months ago

Last modified 21 months ago

non-admin users can edit other's draft datasets

Reported by: shevski Owned by: toby
Priority: awaiting triage Milestone: demo phase 4
Component: ckan Keywords:
Cc: Repository: ckan
Theme: none

Description

edit button shows up for daniel lewis for http://s031.okserver.org:2375/dataset/ff

Change History

comment:1 Changed 21 months ago by toby

@ira,

This is actually working correctly but the permissions on the server s031 are not what you want

I do not know how or where these are defined - he has package_update permissions from somewhere

maybe ross or someone knows

comment:2 Changed 21 months ago by ross

This is changeable in config. The default permissions are specified in there I believe.

comment:3 Changed 21 months ago by shevski

If by default it doesn't happen, then that's fine & we can close this.

Any way for me to see how permissions are set?

comment:4 Changed 21 months ago by ross

No idea :|

The perms are commented out by default in the template ini file. You should take a look at the ini file and see how it is setup, search for ckan.default_roles.Package but I can't see how Daniel would have been granted read access without the auth pages being implemented.

comment:5 Changed 21 months ago by toby

  • Milestone changed from demo phase 3 to demo phase 4

@ira,

I am moving this to phase 4 as it's not going to be looked at till the new permissions stuff is agreed

Note: See TracTickets for help on using tickets.