Sam Weiner <[EMAIL PROTECTED]> writes
>My fix was just to add the following lines to default_roles_permissions.sql
>
>insert into UserRole (ROLENAME) values ('user_admin');
>insert into VisitorRole ( VISITORID, ROLEID ) select Visitor.VISITORID,
>UserRole.RoleID from Visitor, UserRole where Visitor.loginid = 'turbine' AND
>UserRole.rolename = 'user_admin';
>

I downloaded turbine yesterday and hit the same problem :-(

One query I have is whether the above is completely the right fix in
terms of the overall Turbine permission architecture?  [No disrespect to
Sam intended.]
 
Specifically, is the 'turbine_root' role intended to be a sort of "super
user" role that implicitly has *all* the available roles in a system
(like the UNIX root user) without having to declare them one by one?

It appears the intent of recent changes to the permissions / role system
is to become more explicit about individual permissions, but I can't
quite work out [yet] how (or even whether) permissions and roles are
supposed to interrelate.  

Specifically, does possession of (say) the 'modify_user' permission
*imply* possession of the rights of the 'user_admin' role?  
I guess in a security system, any "implied" granting of abilities is
probably a bad thing (easier to introduce loopholes :-), but clearly
there must be some relationship otherwise the user cannot even get onto
the user admin screens to do the modify. 

Also, should the above fix also involve removing the 'turbine_root' role
and replacing it with a more explicit set of roles?


Bottom line: should this be a data fix or a code fix?


I realise that the user admin and permission system is undergoing a bit
of an evolution, and I would like to try to help - but I need to know
the overall direction it is heading in so that any changes I may suggest
actually head towards that goal rather than away from it!

Any guidance would be most helpful.
Thanks.

- Jorgen

------------------------------------------------------------
| Software Technologies  ----:----  http://www.SwTech.com/ |
| ----------->  One-stop Developer Reference  <----------- |
| Technical reference for professional software developers |
------------------------------------------------------------


