Forum OpenACS Development: application-specific permissions

Posted by Roger Williams on
I know we have discussed this before. But I am digging in the permissions model (as promised) to make some changes to the UI and some fixes to the underlying operation.

Specifically, in this post I inserted this snippet from the News module design documentation:

With the ACS4 permissions model, the news administrator need no longer coincide with the site administrator. This need only be the case right after installation. The News application has a hierarchical set of permissions which can be assigned to any party as needed. The news root privilege is news_admin which comprises news_create, news_delete, and news_read.

By default, the news_admin permission inherits from the site-wide admin. The news_read permission is assigned to the public so that all users, including non-registered users, have access to /news/. By default, the news_create permission is assigned to registered users. However, they can only submit a news item, but not approve it. Approval requires news_admin privilege or can be set to take place automatically by setting the parameter ApprovalPolicy to 'open'.

The news privileges can be changed in /permissions/ by the administrator on the /news/admin/index page. The needs of an individual site, e.g. sharing the news administration duties among several individuals, are thus covered.

I was re-reading this after we found another bug in the permissions implementation wrt the news module. If there was no permission called news_admin that is to be used to name a separate admin (from the site admin) for the news stories, how would this (i.e. sharing the news administration duties among several individuals) be accomplished?

At our site, we are recruiting and training people to be news editors and we definitely do not want to give them the permission called admin. Now we could give them admin permission just to the news module instance, but we have found some cases where this has side-effects also. Maybe this permission should be named news_editor.

Any help and/or insight is appreciated.

Regards..
--------------------------------------------------------------
Note: although this is related to the idea of application-scoped permissions, I still intend to provide (a proposal for) the scoping function.

Posted by Stephen . on
What side effects did you find when assigning one of your news editors the admin privilege on a news package instance?
Posted by Robert Locke on
Just for kicks, for one project, I removed the app-specific permissions from the news module and replaced them with their system-wide counterparts.  In other words, news-admin -> admin, news-create -> create, news-read -> read, etc, etc.

I then gave the "client_admin" group explicit "admin" permission for a particular news instance.  As expected, the "admin" permission only applied to that news site-node, and did not extend to other parts of the site.  Very clean and simple.

It worked great, and I haven't noticed any side-effects.  And in general I tend to agree that app-specific permissions should be avoided wherever possible.
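To make the two models discussed in this thread concrete, here is an added Python illustration (not OpenACS code, and not anything the posters wrote) of how a hierarchical permission check behaves when a privilege is granted on one package instance. It models the two ideas the thread relies on: a privilege hierarchy in which a parent privilege implies its children (the design doc's news_admin comprising news_create, news_delete and news_read, and news_admin inheriting from the site-wide admin), and an object hierarchy in which a grant on an object is inherited by everything mounted beneath it. The site map (site_root, news_instance_1, news_instance_2, story_42, forums), the party names (alice, bob, anon, client_admin, site_admin, registered_users, the_public) and the function names are all constructed for the example. The demo reproduces Robert Locke's experiment: admin granted to the client_admin group on one news instance reaches that instance's stories but not a sibling news instance or the forums.

```python
"""Toy model of hierarchical privileges plus scoped grants.

Constructed illustration only: a privilege hierarchy (a parent privilege
implies the children it comprises), an object hierarchy (a grant on an
object is inherited by objects whose context is that object), and grants
made to parties (users or groups) on a specific object. All names below
are assumptions chosen for readability; this is not OpenACS's schema.
"""

# Privilege hierarchy: parent privilege -> the child privileges it implies.
# "admin" comprises the generic privileges; the news package adds its own
# tree under news_admin, and news_admin inherits from the site-wide admin.
PRIVILEGE_CHILDREN = {
    "admin": {"create", "read", "write", "delete", "news_admin"},
    "news_admin": {"news_create", "news_delete", "news_read"},
}

# Object hierarchy: object -> its context (parent) object, None at the root.
# Constructed site map: two news instances and a forums instance under the root.
OBJECT_CONTEXT = {
    "site_root": None,
    "news_instance_1": "site_root",
    "news_instance_2": "site_root",
    "story_42": "news_instance_1",
    "forums": "site_root",
}

# Group membership: user -> groups the user belongs to (constructed).
MEMBERSHIP = {
    "alice": {"client_admin", "registered_users"},
    "bob": {"registered_users"},
    "anon": {"the_public"},
}

# Grants are (party, object, privilege) triples.
GRANTS = set()


def privilege_implies(held, needed):
    """True if holding `held` implies `needed`, walking the privilege tree."""
    if held == needed:
        return True
    return any(privilege_implies(child, needed)
               for child in PRIVILEGE_CHILDREN.get(held, ()))


def grant(party, obj, privilege):
    GRANTS.add((party, obj, privilege))


def parties_for(user):
    """A user acts as itself plus every group it is a member of."""
    return {user} | MEMBERSHIP.get(user, set())


def permission_p(user, obj, privilege):
    """Walk from `obj` up its context chain; at each level look for a grant to
    one of the user's parties whose privilege implies the one needed."""
    parties = parties_for(user)
    node = obj
    while node is not None:
        for party, granted_obj, held in GRANTS:
            if granted_obj == node and party in parties \
                    and privilege_implies(held, privilege):
                return True
        node = OBJECT_CONTEXT[node]
    return False


def demo():
    """Set up the thread's scenarios and return each check's outcome."""
    GRANTS.clear()
    # Site administrator: admin at the root, inherited by everything below.
    grant("site_admin", "site_root", "admin")
    # Robert Locke's setup: generic admin on ONE news instance for client_admin.
    grant("client_admin", "news_instance_1", "admin")
    # Design-doc defaults on the other instance: public reads, registered create.
    grant("the_public", "news_instance_2", "news_read")
    grant("registered_users", "news_instance_2", "news_create")
    return {
        # admin on news_instance_1 covers the instance and its stories ...
        "alice_admin_news1": permission_p("alice", "news_instance_1", "admin"),
        "alice_delete_story42": permission_p("alice", "story_42", "delete"),
        # ... but does not leak to a sibling instance or another package.
        "alice_admin_news2": permission_p("alice", "news_instance_2", "admin"),
        "alice_admin_forums": permission_p("alice", "forums", "admin"),
        # Default news grants: anyone reads, registered users create but not approve.
        "anon_read_news2": permission_p("anon", "news_instance_2", "news_read"),
        "bob_create_news2": permission_p("bob", "news_instance_2", "news_create"),
        "bob_admin_news2": permission_p("bob", "news_instance_2", "news_admin"),
        # Site-wide admin implies news_admin everywhere via the privilege tree.
        "site_admin_news_admin_news2":
            permission_p("site_admin", "news_instance_2", "news_admin"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The scoping comes entirely from where the grant is attached in the object hierarchy, not from the name of the privilege: `admin` on `news_instance_1` stops at that instance's subtree, which is why the generic privilege behaved cleanly in Robert's experiment. An application-specific privilege such as `news_admin` earns its keep only when a site wants to hand out the news-level rights without the generic `admin` bundle (create, read, write, delete) on the same object.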