Forum OpenACS Development: Response to Permissions UI Issues

Posted by David Walker on
The similar permissions issue in 3.2.5 has bothered me for a while. A sitewide administrator should be a super-user and pass any and all permissions checking.

I believe, especially with inheritance being one of the features here, that an administrator of a higher level group should be inherited as the admin of the lower level group.

  • Site-wide Administrator
    • Content Editors Group Administrator
      • Content Creators Administrator
    • Downloads Management Group Administrator
      • Widget Programmers Administrator
So that in the above diagram a Site Wide Administrator, or a Content Editors Administrator would pass a check for Content Creators Admin privileges. I think this needs to be considered as modules are programmed as there may be a use for a non-inheriting function that checks if a user is an admin in a lower level group but only an inheriting function should be used for permissions checking.