Forum .LRN Q&A: Re: Calendar Permissions

2: Re: Calendar Permissions (response to 1)

Posted by Carl Robert Blesius on 12/10/03 04:25 AM

Very good question Samer. I would dare to say it is because nobody has asked in the open yet. Thanks for bringing it up (we have talked about this a couple of times in Heidelberg behind closed doors).

Clearly a community toolkit should have a calendar that can be administered by the community (if the admin wants them to be able to).

On a side note... according to a professor I met recently this is a function that Blackboard used to have in an earlier version that professors really liked and has since been changed (maybe due to an architecture overhaul?).

4: Re: Calendar Permissions (response to 2)

Posted by Dirk Gomez on 12/10/03 06:42 PM

Why? Because calendar is very hackerish.

In fact calendar 4-6 implements a "trust-your-user-to-not-change-the-url" form of security - hence it doesn:t really matter what you do on your permissons page.

Thanks to Lars calendar is now using permissions properly. Have a look at this commit http://cvs.openacs.org/cvs/dotlrn-calendar/tcl/dotlrn-calendar-procs.tcl?view=auto&rev=1.71&root=dotlrn

And for inspiration please look at this thread https://openacs.org/forums/forum-view?forum_id=14014

This could be solved properly via a site-wide parameter (Create_Calendar_With_Broken_Security_Inheritance_p) and a toggle to switch that. Sounds good?