Forum OpenACS Development: Response to Permissions UI Issues

Posted by David Walker on
I think I agree with Dennis.  The glossary "admin" should pass any
security check done by the glossary module including the
"glossary_admin" check.  I guess I'm interested in "admin" being a
standardized super user at each module level and I agree with Don
about a standardized "read" and "write" privilege as well.

Personally I'd prefer to say that if a person or group needed admin
privileges over a module but not over a child module then it should
granted on the parent and then explicitly denied on the children
since the site will, in my opinion, be much more manageable and
understandable and those cases should be rare.

The idea of the "glossary_admin" doesn't bother me too much.  Unless
the child object is another glossary the permissions would be
ignored and work exactly as Walter intended.

As far as "stupid" programmers or code, my first big project was one
that I took over from another programmer.  I was surprised at how
many "stupid" things he did until I was called upon to create a
project from scratch.  Now I'm amazed at how many "stupid" (or
non-optimal is another term I like) things I
do as I'm completing my projects.