[Maintain-dev] [JIRA] Resolved: (MNT-1549) User Access Levels

Josh Schonstal (JIRA) jira at osuosl.org
Mon Aug 21 15:53:38 PDT 2006


     [ http://bugs.osuosl.org/browse/MNT-1549?page=history ]
     
Josh Schonstal resolved MNT-1549:
---------------------------------

    Resolution: Fixed

Modules hooks now have a $access argument.  You can specify a constant, and the module will not run for anyone with access level below that constant.

> User Access Levels
> ------------------
>
>          Key: MNT-1549
>          URL: http://bugs.osuosl.org/browse/MNT-1549
>      Project: Maintain
>         Type: Improvement
>     Versions: 3.0, 3.1, 3.0.0-RC1
>     Reporter: Frederic Wenzel
>     Assignee: Michael Clay
>     Priority: Urgent

>
>
> Maintains user access levels need to be enhanced.
> Currently, if a user knows the name of a module, they can access the module's pages even if there is no link for them to follow. Putting this kind of security on the shoulders of module programmers is not a good idea.
> Instead, we should keep a default user level around that's needed to watch any page, module or not, by default. If somebody is below (or happens not to be in the zone user table at all), they can login but not do anything.
> Then modules can white- and blacklist themselves, i.e. lower or raise their minimum access level. An "autoreg" module (intended to put new users into Maintain that are not in there yet) would lower the access level of its registration form to 0 so that everybody can access it.
> In turn, admin-only modules could, besides implementing the usual is_admin checks, raise their access levels to 100 so that non-admin can't even access the module page in the first place.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira



More information about the Maintain-dev mailing list