Dear all,
this is a proposal to remove from the WebAccess administration web interface
the possibility to CREATE actions. At the moment the interface offers the
possibility to create actions (but not to remove them).
I think that the web interface should offer neither the possibility to add
an action nor the possibility to delete it. This is confusing for the admin
user and should be a feature available only to developers, since action names
and parameters must also be referenced in a hard-coded way throughout the
Invenio source code. I.e.:
* if you add an action, it will be used only if some piece of Python uses it
through acc_authorize_action.
* the parameters that will be passed to acc_authorize_action are hard-coded, so
there's no point in letting the user configure some of the action's parameters
through the web interface and not others.
* deleting an action that is used in the code will only remove any
possibility for users to be authorized to it.
Hence I propose to remove the possibility to add actions through the web
interface (deleting is already not possible) and to add a statement somewhere
in WebAccess that actions are configured in DEF_ACTIONS in
access_control_config.py (creating/deleting actions happens rarely and always
alongside modification of some source code, hence developers who want to
add a new action just need to update the access_control_config.py file).
Does anybody rely on the possibility to create actions through the web interface?
Best regards,
Samuele
--
.O.
..O
OOO
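
A consistency check along the lines of the three points in the message, as an added example that is not part of the original message and is not Invenio code: it compares the action names in a DEF_ACTIONS-style table with the names actually passed to acc_authorize_action in source text. The sample table, the sample source, the helper names and the assumption that the action name is a string literal in the second positional argument are all constructed for illustration.

```python
import ast

# Constructed stand-in for a DEF_ACTIONS-style table. Assumed shape: the
# action name is the first element of each tuple.
SAMPLE_DEF_ACTIONS = (
    ("viewrestrcoll", "view restricted collection", "collection"),
    ("cfgwebsearch", "configure WebSearch", ""),
    ("myuiaction", "created through the web interface", ""),
)

# Constructed source text standing in for modules that perform the checks.
SAMPLE_SOURCE = '''
def page(req, coll):
    return acc_authorize_action(req, "viewrestrcoll", collection=coll)

def admin(req):
    return access.acc_authorize_action(req, "cfgwebsearch")

def export(req):
    return acc_authorize_action(req, "runexport", format="xml")
'''

def referenced_actions(source, func_name="acc_authorize_action"):
    """Map each action name used at a call site to the keyword names passed.

    Assumption: the name is a string literal in the second positional argument.
    """
    found = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or len(node.args) < 2:
            continue
        callee = node.func
        name = getattr(callee, "id", None) or getattr(callee, "attr", None)
        arg = node.args[1]
        if name == func_name and isinstance(arg, ast.Constant) \
                and isinstance(arg.value, str):
            keywords = {kw.arg for kw in node.keywords if kw.arg}
            found.setdefault(arg.value, set()).update(keywords)
    return found

def audit(def_actions, source):
    """Report configured-but-unused and used-but-unconfigured action names."""
    configured = {entry[0] for entry in def_actions}
    used = set(referenced_actions(source))
    return {
        "never_checked": sorted(configured - used),   # no code asks for it
        "not_configured": sorted(used - configured),  # checked, but no entry
    }

if __name__ == "__main__":
    print(audit(SAMPLE_DEF_ACTIONS, SAMPLE_SOURCE))
```

Call sites that build the action name dynamically are not seen by this check and would need to be reviewed by hand.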