[Maintain-dev] [JIRA] Updated: (MNT-1549) User Access Levels

Josh Schonstal (JIRA) jira at osuosl.org
Mon Mar 5 11:04:57 PST 2007

     [ http://bugs.osuosl.org/browse/MNT-1549?page=history ]

Josh Schonstal updated MNT-1549:

    Comment: was deleted

> User Access Levels
> ------------------
>          Key: MNT-1549
>          URL: http://bugs.osuosl.org/browse/MNT-1549
>      Project: Maintain
>         Type: Improvement
>     Versions: 3.0, 3.1, 3.0.0-RC1
>     Reporter: Frederic Wenzel
>     Assignee: Michael Clay
>     Priority: Urgent

> Maintains user access levels need to be enhanced.
> Currently, if a user knows the name of a module, they can access the module's pages even if there is no link for them to follow. Putting this kind of security on the shoulders of module programmers is not a good idea.
> Instead, we should keep a default user level around that's needed to watch any page, module or not, by default. If somebody is below (or happens not to be in the zone user table at all), they can login but not do anything.
> Then modules can white- and blacklist themselves, i.e. lower or raise their minimum access level. An "autoreg" module (intended to put new users into Maintain that are not in there yet) would lower the access level of its registration form to 0 so that everybody can access it.
> In turn, admin-only modules could, besides implementing the usual is_admin checks, raise their access levels to 100 so that non-admin can't even access the module page in the first place.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:

More information about the Maintain-dev mailing list