bloodhound-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joachim Dreimann <joachim.dreim...@wandisco.com>
Subject Re: [BEP-0003] Wiki install vs. upgrade
Date Thu, 02 May 2013 14:15:30 GMT
Every registered user should be allowed to see the Dashboard.

The Dashboard may be empty if the user has no permissions to see anything
else. Just as it is on a new installation with no information yet.

Empty should not mean a blank page, but one helping to get started, learn
more, how to request permissions, whatever the case may be.


On 1 May 2013 10:28, Gary Martin <gary.martin@wandisco.com> wrote:

> On 01/05/13 01:42, Olemis Lang wrote:
>
>> On 4/30/13, Anze Staric <anze.staric@gmail.com> wrote:
>>
>>> Both product list and global dashboard currently require PRODUCT_VIEW
>>> permission in global context and are therefore not visible to
>>> anonymous users.
>>>
>>> Are there any unwanted consequences if we grant this permission to all
>>> users (in global env) during the upgrade?
>>>
>>>  Please do not do that . It's annoying when upgrades hijack the
>> decisions made by admins + users ... especially when it comes to
>> security & permissions which might compromise the stability ,
>> confidentiality policies , ... of certain environments .
>>
>>
> Olemis is right in principle. We should never be setting user permissions
> on an upgrade.
>
> I am not convinced that PRODUCT_VIEW is the correct permission for showing
> this page as a whole. Although in a sense it is still messing with
> decisions on permissions, we could change it to TICKET_VIEW. If it is not
> already in place we also need to make sure that we are able to determine
> which products a user should have access to along with respecting the
> permissions of anything within each product that might get displayed.
>
> Cheers,
>     Gary
>



-- 
Joe Dreimann | *User Experience Designer* | WANdisco<http://www.wandisco.com/>

@jdreimann <https://twitter.com/jdreimann>
*
*
*Join one of our free daily demo sessions on* *Scaling Subversion for the
Enterprise <http://www.wandisco.com/training/webinars>*

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE
PRIVILEGED.  If this message was misdirected, WANdisco, Inc. and its
subsidiaries, ("WANdisco") does not waive any confidentiality or privilege.
 If you are not the intended recipient, please notify us immediately and
destroy the message without disclosing its contents to anyone.  Any
distribution, use or copying of this e-mail or the information it contains
by other than an intended recipient is unauthorized.  The views and
opinions expressed in this e-mail message are the author's own and may not
reflect the views and opinions of WANdisco, unless the author is authorized
by WANdisco to express such views or opinions on its behalf.  All email
sent to or from this address is subject to electronic storage and review by
WANdisco.  Although WANdisco operates anti-virus programs, it does not
accept responsibility for any damage whatsoever caused by viruses being
passed.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message