Forum OpenACS Development: Should only site-wide-admins be able to add users to the system?
I just wanted to double check that the null context_id wasn't intentional, maybe to assure that only site-wide-admins can add users. If we indeed want the site-wide-admin restriction then we need to roll back my change, and also change the acs-subsite package to consistently enforce that, something it currently only does for the main site.
Isn't 5.1 frozen? Aren't we supposed to only be fixing "beta blocker" bugs here?
I don't have a problem with the change but think it should go in HEAD not 5.1 ... just in case there IS a problem we're not thinking of. It's more likely to come out in the lengthy process leading to a 5.2 release than our rapid push towards beta with 5.1...
It seems to me that the best fix here is to remove the read permission check and simply allow the admin to add any user in the system to a group that he admins. Does that make sense?
Wouldn't it be more correct to set the context_ids of the groups and grant the proper permissions?
But I'm curious about this:
"It seems to me that the best fix here is to remove the read permission check and simply allow the admin to add any user in the system to a group that he admins"
How can you not have the read priv on a group you have admin on since read is a child of admin?
it's not about the read privilege on the groups but on the *users* that the admin wants to add to a group...