Forum OpenACS Development: News is broken.

Collapse
Posted by Dave Bauer on
The News package says you can grant someone news-admin to allow them to approve news etc. Except all the pages for the news-admin live in news/www/admin/. Only those with "admin" privilege can get into that directory.

So, is there any practical difference to giving someone admin privilege over a news package? Or should the news-admin be seperate, in which case the files will need to be moved out of admin into news/www/moderate or something with appropirate permissions checks added.

See: http://sdm.openacs.org/sdm/one-baf.tcl?baf_id=1572

This exists in 4.5 and 4.6.

Collapse
2: Re: News is broken. (response to 1)
Posted by Robert Locke on
Perhaps this obviates the question, but I just now checked out the news module from the OACS HEAD and removed all custom privileges, which is what I think we agreed to do at some point.

I then mapped the privileges as follows:
news_read -> read
news_create -> create
news_delete -> delete
news_admin -> admin

The main disadvantage of removing the custom permissions is that if, say, you want to grant someone news admin permission, you need to grant them the "admin" privilege at the news instance-level. There is no way of granting someone site-wide "news admin" permission, unless you grant them site-wide "admin" permission, which is probably not what you want.

But, this won't be an issue for most sites, and is probably outweighed by the benefit of simplifying and uncluttering our permissions namespace.

Questions:

  • Is this ok?
  • Is now a good time to commit my changes back to the HEAD?
  • Do I need to write an upgrade script, and if so, do we have any similar examples of this?
  • Also, regarding the upgrade script, how do we handle cases like users who were granted site-wide news_admin privileges? We obviously wouldn't want to convert all "news_admin" permission grants to "admin".

Thanks...

Collapse
3: Re: News is broken. (response to 1)
Posted by Don Baccus on
I am in favor of getting rid of the large number of custom privileges we see in various packages.  We may need a larger discussion of this since there's not been a clear consensus in the past.  So I'd say don't commit yet but let's try to get a discussion going.