sharks

get started

concepts

features

syntax

 

monkeys

intro

mods

REST API

 

platypuses

github

blueprints

tickets

 

everyone

support

ideas

contact

license

 

 
 

initial permissions+discussion

help edit space_dashboard

RE: 'account_request+*type+*form' {:read=>:admin}


I think that breaks account requests, no?

  --Ethan McCutchen.....Thu Apr 09 08:40:36 -0700 2009

The idea with this was to keep spammers from being able to post stuff by requesting accounts. Unfortunately, this solution to that keeps anyone except admins from being able to see/approve account requests. Hrm. Or are you seeing more serious breakage that i'm missing?

  --John Abbe.....Thu Apr 09 10:11:18 -0700 2009

I'm just remembering that you tried this before and it broke things, perhaps because of this: http://wagn.org/wagn/allow_authorized_users_to_see_cards

  --Ethan McCutchen.....Thu Apr 09 10:17:26 -0700 2009

fyi

thursday=> select count(*), task, codename from permissions p join roles r on p.party_id = r.id group by task, codename order by task,codename;

count |  task   | codename 
-------+---------+----------
 1     | comment | anon
 2     | create  | admin
 1     | create  | anon
 12    | create  | auth
 106   | delete  | auth
 42    | edit    | admin
 64    | edit    | auth
 106   | read    | anon
(8 rows)

  --Ethan McCutchen.....Thu Apr 09 10:29:11 -0700 2009

Add?:

 

'user+*type+*content'=> {:delete=>:admin},

  --John Abbe.....Tue Jun 30 10:10:39 -0700 2009

Just updated all the tform and rform references, and change from HTML+*type+*content to HTML+*type+*default.

 

I also just fixed permissions on editing Ruby cards on wagn.org from Anyone signed in (or maybe even Anyone) to Developer. This is a security issue for anyone who turns on Ruby or Script cards. I'm inclined to add this (below) to Always, but I don't know if it would choke on Wagns that don't have Ruby or Script cards turned on?

 

'ruby'+*type+*default'=> {:created=>:admin, :edit=>:admin, :delete=>:admin}

'script'+*type+*default'=> {:created=>:admin, :edit=>:admin, :delete=>:admin}

 

  --John Abbe.....Sat May 01 19:34:47 -0700 2010

Just realized that my *all+*captcha add was redundant because all star cards are set up to be editable/deletable only by Admins. So only an issue for Wagns set up before that was done.

 

Worth a migration?

  --John Abbe.....Thu Feb 17 11:53:16 -0800 2011

what needs migrating?

  --Ethan McCutchen.....Thu Feb 17 12:24:17 -0800 2011

making sure that *all+*captcha is only editable/deleteable by admins

 

just a note: questions above about ruby/script, and user+*type+*content still pending

  --John Abbe.....Thu Feb 17 12:29:05 -0800 2011

ruby stuff wouldn't choke anything if not turned on. Also, I don't think anybody can really get ruby/script cards working without our help.

  --Ethan McCutchen.....Thu Feb 17 12:58:25 -0800 2011

are you sure that star config isn't older than the captcha functionality? wagn.org is often messed up because we've messed with settings here, so migrations don't take full effect.

  --Ethan McCutchen.....Thu Feb 17 13:00:23 -0800 2011

http://thrivable.wagn.org/*all+*captcha

 

Have you seen my note (forget what medium) that *all+*captcha is off on English?

 

Speaking of migrations not taking effect, let's add a mechanism to reenable migration for edited card.

  --John Abbe.....Thu Feb 17 13:06:14 -0800 2011