disallow card creation if no edit permission

Ticket

+commit
 

 

 

This is set to be editable only by GC Staff:

 

When you click this you get the create interface, then when you click Create you get an ugly error message (below — we're all admins/GC Staff, so you'll have to sign in as, say, Lewis Test to see it live). Should get a nice error message when you first click on this.

 

notice = getNextElement(getSlotFromContext('main_1_2'),'notice'); notice.update('

Rats. Issue with DISALLOW CARD CREATION IF NO EDIT PERMISSION+EXAMPLE+ONLY GC card:</h2>
PERMISSION_DENIED: You don\'t have permission to edit this card</p></div>')

 

I can hack around this for ICAH by giving the answer cards a type, but this seems like a good opportunity to fix this anyway.


maybe so. we'll look. In general permissions changes can get hairy and our automated testing has gaps, but it's certainly worth a look.

Since create permissions are currently only governed by type, it might be hard to fix this without violating the do no harm premise.

ultimately, I think we may want for people to be able to create things they can't edit. If we do this, it may be just another hack on a permissions system that needs much broader reform.

  --Ethan McCutchen.....Tue May 05 21:50:45 -0700 2009


We can't do this with the current registration setup-- which gives folks create permission but not read or edit; and certainly giving edit would be bad-- then they could edit other's cards. So we have a case that directly contradicts this one. I have been thinking lately about having a magic Author role, but that's another can of worms.

  --Lewis Hoffman.....Thu May 28 11:22:59 -0700 2009


I think this is obviated by the new permissions system, in which *create is just as flexible as *update.

  --Ethan McCutchen.....Tue Nov 29 10:29:51 -0800 2011