[
http://www.jahia.net/jira/browse/SENSEI-57?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephane Croisier updated SENSEI-57:
------------------------------------
Attachment: John_RWA_can_publish_without_the_role.jpg
John is RWA on the page so tacitely he can perform the last step even if we
have not mapped any role for him (cf screesnhot_1).
here again this is not "transparant" and "crystal clear" for the end-user when
checking roles in the workflow sub-engine that implicetly all RWA on this page
could also bypass the workflow in order to publish the page. You then need to
check in the ACL sub-engine first to precisely know which users can really
perform which action.
So I think this would be more clear if we clearly indicate each step (notify
included) and that all default values (mapped to ACL) are clearly indicated in
the Workflow sub-engine.
We could even imagine a checkbox in order to enable a "Permanently map to ACL"
kind of options if the webmaster does not want to manage both the ACL tree and
the Workflow roles separately. But such a checkbox could also be turned off in
order to restrict the scope of users alloweed to perform any action on a
workflow
Normally, if I understand correctly the refactoring, a user RW can now perform
a publishing step (the last step). So I think that a RWA users will only have
the permissions to enter and manually modify the current workflow + roles. But
this should not be a privielges assigned by default. RWA permissions will be
certainly only limited to real WebMasters in Jahia 6 and not to all users which
need to be able to publish a page. This will also ease other roles management
as we add to introduce several other roles to limit the damages caused by this
RW and RWA mapping on the std workflow (e.g you need RWA to publish a page but
you do not want such a user to modify ACL or the type of workflow so you add to
remove access to such sub-engines).
> NStep Workflow: default roles mapped to ACL not clearly indicated
> -----------------------------------------------------------------
>
> Key: SENSEI-57
> URL: http://www.jahia.net/jira/browse/SENSEI-57
> Project: Jahia Workflows
> Issue Type: Sub-task
> Affects Versions: Workflow 6.0
> Environment: 22951
> Reporter: Stephane Croisier
> Assignee: Thomas Draier
> Priority: Major
> Fix For: Workflow 6.0
>
> Attachments: John_example.jpg,
> John_RWA_can_publish_without_the_role.jpg, screenshot-1.jpg
>
>
> When switching to another Nstep workflow, ACL are currently automatically
> mapped on roles (kind of default values for each step). However there is no
> indication of such "default values" in the Workflow sub-engine. So this does
> not help understand who can exactly make what. for example if I add a user,
> does this automatically remove all the other user who have RW permission on
> the page?
> So it would be clearer if we really use current ACL as default values which
> could then be removed, replaced, restricted to certain users, etc...
> The manager needs to be sure of who can exatly perform which action.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://www.jahia.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
jira_list mailing list
[email protected]
http://lists.jahia.org/cgi-bin/mailman/listinfo/jira_list
