Hi,
Ok. So, in all my enthousiasm, I submitted the PR and merged it immediately after the tests failed... The commit hash is: d20b41aef34f958e94a6d1556cd7dbeb1cebb73e ; if there are objections, that's the one we need to revert (from master *and* its descendant from 1.4). Howeever, unlike the text below describes, I only needed to restrict the output of admin__get_roles_for_user() because admin__get_roles() already restricted itself to the declared namespace. Regards, Erik. On Sat, Jul 25, 2015 at 1:40 PM, Erik Huelsmann <[email protected]> wrote: > Hi, > > Working on https://sourceforge.net/p/ledger-smb/bugs/1395/ (Unable to > remove role from user), I'm running into the (old) problem that all > postgresql roles are considered relevant. What I mean by that is that > LedgerSMB creates roles prefixed with "lsmb_<company>__" (or an alternative > specified in the defaults table), but roles which don't match that prefix > are considered possibly relevant (because they could have been created by > users/admins). > > I'd like to propose to change that rule to: > > "We define a namespace (lsmb_<company>__) and manage that namespace. > Anything outside that namespace *can* be created outside of the realm of > the application, so it's not the responsibility of the application to > manage it." > > What I mean by that is that the functions 'admin__get_roles" and > "admin__get_roles_for_user" return only the PostgreSQL roles which are in > the namespace *we* manage for the *current* company. > > If I change the above two functions to do exactly that, I know how to fix > the issue. I'll submit a PR based on this change, even though it'll be in > the middle of a 1.4 series... > > > Long term, I'd like all role references to be prefix-relative. > > -- > Bye, > > Erik. > > http://efficito.com -- Hosted accounting and ERP. > Robust and Flexible. No vendor lock-in. > -- Bye, Erik. http://efficito.com -- Hosted accounting and ERP. Robust and Flexible. No vendor lock-in.
------------------------------------------------------------------------------
_______________________________________________ Ledger-smb-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
