Hi Branden, Sorry for the late response on this ...
It is indeed correct that a user who has permissions to write to a node, should have implicit permission to delete its child nodes. However, permission to remove that node itself, should be a separate permission setting (which I believe it is already). Hope that helps, Nicolaas On 20 Apr 2012, at 14:28, Branden Visser wrote: > Thanks for the info Clay. > > On Fri, Apr 20, 2012 at 8:20 AM, Clay Fenlason > <[email protected]> wrote: >> Also IIUC, we really are just talking about Sakai documents and not >> other forms of content, right? > > If we were to make a change that WRITE permission implies deletion of > children, then this applies to all content in our storage, not just > sakai documents. The issue I'm currently dealing with AFAIK is only > currently exposed on Sakai Docs though, as the other forms of content > appear to be "flat" (aside from things like activity records, which > are stored as children of content). > >> My understanding is that content >> collections are not implemented with collection items as children >> of a >> collection node. Also that uploaded files and external links do not >> have children (is this true? And will it still be true when >> annotations are implemented?) >> > > Collections don't nest their content, and uploaded files and external > links only have activity feed information as children. I'm not sure > what annotations are, but a quick Google search leads me to believe > maybe I should subscribe to the oae-urg list. Off the top of my head, > threaded discussions operate without nested content, so my assumption > is that annotations could be designed not to nest as well. > > On that note, discussion messages/comments are nested in a page. It > would probably be a good idea to deny delete on the messages parent > content, as AFAIK there is no use case to permanently delete any of > that data any way. > >> Pages of a Sakai doc, or widgets on a page, then, would be the most >> common examples of child nodes. >> >> On those assumptions, I would answer ... >> >> On Fri, Apr 20, 2012 at 7:24 AM, Branden Visser >> <[email protected]> wrote: >>> a) If a user has "WRITE" permission on a content node, should they >>> always be able to delete their children? >> >> Yes. It's not inconceivable that some people would make use of more >> fine-grained editor restrictions, but this extra complexity would be >> of marginal benefit, and the design doesn't anticipate it. >> >>> c) (new) Should editors of a Sakai Document even be able to delete >>> pages within the document? >> >> Yes. Again, I can imagine scenarios where some people would like to >> set different permissions for different pages in a doc, but in such >> cases a separate doc should be a fine solution, and the extra >> complexity of page-level permissions is not worth the cost, as far as >> I understand the design thinking. >> > > I think my approach will be to make "write" imply "delete children", > and see how that fares. > > Thanks again! > > -- > Cheers, > Branden > _______________________________________________ > oae-dev mailing list > [email protected] > http://collab.sakaiproject.org/mailman/listinfo/oae-dev _______________________________________________ oae-dev mailing list [email protected] http://collab.sakaiproject.org/mailman/listinfo/oae-dev
