On 2010-03-10 15:07, Christian Hammond wrote:
Staff means you have the ability to create/delete/modify anything in the
database that you have permissions for (by default, this is everything, I
believe). Superuser means you have it no matter what permissions are set.
You basically have every single permission automatically.

This is a Django thing, and not controlled by Review Board in any way. It
seems like something they should probably prevent. I think the proper thing
to do, though, is to just not give staff members the ability to modify users
by default. I see nothing in Django that prevents modifying this flag
otherwise.

Okay, thanks. Unfortunately that seems like it would defeat the goal of staff being able to create users and reset passwords :-(.

It seems rather counter-intuitive that the 'may modify users' and 'superuser' flags are effectively synonymous. I guess I should bug Django about it?

--
Matthew

--
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to