disallow card creation if no edit permission
Ticket
+example
This is set to be editable only by GC Staff:
When you click this you get the create interface, then when you click Create you get an ugly error message (below — we're all admins/GC Staff, so you'll have to sign in as, say, Lewis Test to see it live). Should get a nice error message when you first click on this.
notice = getNextElement(getSlotFromContext('main_1_2'),'notice'); notice.update('
Rats. Issue with DISALLOW CARD CREATION IF NO EDIT PERMISSION+EXAMPLE+ONLY GC card:</h2>
PERMISSION_DENIED: You don\'t have permission to edit this card</p></div>')
I can hack around this for ICAH by giving the answer cards a type, but this seems like a good opportunity to fix this anyway.
maybe so. we'll look. In general permissions changes can get hairy and our automated testing has gaps, but it's certainly worth a look.
Since create permissions are currently only governed by type, it might be hard to fix this without violating the do no harm premise.
ultimately, I think we may want for people to be able to create things they can't edit. If we do this, it may be just another hack on a permissions system that needs much broader reform.
--Ethan McCutchen.....Tue May 05 21:50:45 -0700 2009
We can't do this with the current registration setup-- which gives folks create permission but not read or edit; and certainly giving edit would be bad-- then they could edit other's cards. So we have a case that directly contradicts this one. I have been thinking lately about having a magic Author role, but that's another can of worms.
--Lewis Hoffman.....Thu May 28 11:22:59 -0700 2009
I think this is obviated by the new permissions system, in which *create is just as flexible as *update.
--Ethan McCutchen.....Tue Nov 29 10:29:51 -0800 2011