Editing someone's profile photo?!

Support Ticket


Is it a security problem that I can edit someone else profile photo?

Can there be a rule setup to prevent other users changing other people's profile data?


Double click photo to upload different image.


You can now make a rule such as image+*right+*update, add the user's name, and only they will be able to edit their +image card. I don't know yet if there's a way to have Wagn automatically do that for each user, with their name. --John Abbe  fwiw, the rule should actually be on *self not *right for this workaround -- efm.

Having wagn set the permission automatically on user cards is VERY important in my opinion. Perhaps through a owner role which points to the card creator?

If users can modify each others details, the implementations of wagn remain very limited.

  --cviz.....Thu Oct 20 16:53:21 -0700 2011

hi cviz, there isn't a super simple way to do this yet, but we recognize that this is an important user story, and 95% of the work has been done to get us there.


The primary focus of Wagn 1.7 was to setting-ize permissions, meaning to make the permissions system use our set/settings pattern. This was a major project, and the data migration was the biggest in our history.


Now that it is possible (and scalable) to assign permissions to individuals (and not just groups/roles as before), it should be a much smaller step to have permissions default to a given individual.


My temptation is to do something very close to the owner role that you mention, but rather than having a separate *role* per se, to make "creator" a value that you can choose on any permissions rule. This preserves the useful distinction of a role as an absolute user set, and it obviates the need for a separate owner interface.


Does anyone see a major downside to this solution?

  --Ethan McCutchen.....Tue Oct 25 11:33:41 -0700 2011

I see a downside, Self. You can't transfer creatorship, which means if you wanted to move permissions to someone else you might have to change multiple permissions settings. That's the key value the "owner" abstraction offers.

  --Ethan McCutchen.....Fri Mar 23 23:24:49 +0000 2012