#2 closed enhancement (fixed)
Maintain an ACL for updating each group's information
| Reported by: | adehnert | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Initial Release |
| Component: | Default | Version: | |
| Keywords: | Cc: | ||
| Size: |
Description
In the old database, each financial signatory (plus probably the president and treasurer) can update most properties of a group.
Change History (4)
comment:1 Changed 15 years ago by adehnert
- Milestone set to Initial Release
comment:2 Changed 14 years ago by adehnert
- Component set to Default
- Resolution set to fixed
- Status changed from new to closed
comment:3 Changed 14 years ago by adehnert
Test.
comment:4 Changed 14 years ago by adehnert
Test 2.
Note: See
TracTickets for help on using
tickets.
This is currently limited to the groups.admin_group privilege on the group object. The PerGroupAuthz? authentication backend does per-object privileges, based on the grant_user field of OfficerRoles?.
See the following commits:
commit 2dd6045050e0a3dbcd644c0d3406cd2c991e6640 Author: Alex Dehnert <adehnert@mit.edu> Date: Sun Aug 7 04:43:17 2011 -0400 Create permissions for group administration commit 16b751506d339a331550a83f9d1a597612fe8812 Author: Alex Dehnert <adehnert@mit.edu> Date: Sun Aug 7 04:20:32 2011 -0400 Add infrastructure for per-group authz This adds a PerGroupAuthz authentication backend (which is a no-op for the authentication and only bothers with authorization). OfficerRoles can specify users whose permissions they grant to the holders of that role when working with that group. Those users can then be granted the relevant permissions in the usual way.