Forum .LRN Q&A: Re: Calendar Permissions

Collapse
4: Re: Calendar Permissions (response to 2)
Posted by Dirk Gomez on
Why? Because calendar is very hackerish.

In fact calendar 4-6 implements a "trust-your-user-to-not-change-the-url" form of security - hence it doesn:t really matter what you do on your permissons page.

Thanks to Lars calendar is now using permissions properly. Have a look at this commit http://cvs.openacs.org/cvs/dotlrn-calendar/tcl/dotlrn-calendar-procs.tcl?view=auto&rev=1.71&root=dotlrn

And for inspiration please look at this thread https://openacs.org/forums/forum-view?forum_id=14014

This could be solved properly via a site-wide parameter (Create_Calendar_With_Broken_Security_Inheritance_p) and a toggle to switch that. Sounds good?