KarlAdmin cannot edit/delete blog entry/comment
Bug #407011 reported by Paul Everitt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
KARL3 | Fix Released | Medium | Chris Rossi |
Bug Description
We recently had a bunch of out-of-office messages flood the KARL Feedback community's blog:
https:/
Nat would like to delete this using nborland which should (I believe) have KarlAdmin rights. However, he doesn't see Edit/Delete as actions.
Changed in karl3:
assignee: Shane Hathaway (shane-hathawaymix) → Chris McDonough (chrism-plope)
Changed in karl3:
assignee: Chris McDonough (chrism-plope) → Chris Rossi (chris-archimedeanco)
status: New → In Progress
Changed in karl3:
status: Fix Committed → Fix Released
Changed in karl3:
status: Incomplete → Fix Released
Hopefully Chris M is thinking about this as he does his security rework. The problem is each blog entry has an ACL that does not allow KarlAdmin to do anything other than what any authenticated user can do. There are 2 obvious solutions: either each ACL needs to explicitly allow KarlAdmin to perform administration tasks, or we need to remove the NO_INHERIT flags from the ACLs. The first solution is more robust and predictable, so I prefer it, but it will increase the size of the database a bit.
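An added example, not part of the original comment or KARL's own code: a simplified Python model of first-match ACL evaluation with inheritance, showing the reported behaviour and both proposed fixes. The principal names other than KarlAdmin, the permission names, the parent ACLs, and the representation of NO_INHERIT as a deny-all entry are assumptions made for illustration.

```python
# Simplified model of first-match ACL evaluation with inheritance.
# All names and ACLs below are constructed for illustration.
ALLOW, DENY = "Allow", "Deny"
EVERYONE, AUTHENTICATED = "system.Everyone", "system.Authenticated"
ADMIN = "group.KarlAdmin"
ALL = object()  # wildcard: matches every permission
NO_INHERIT = (DENY, EVERYONE, ALL)  # terminator entry: stops the walk to parents


class Node:
    def __init__(self, acl, parent=None):
        self.acl, self.parent = acl, parent


def permits(node, principals, permission):
    """Walk from node up to the root; the first matching entry decides."""
    principals = set(principals) | {EVERYONE}
    while node is not None:
        for action, principal, perms in node.acl:
            if principal in principals and (perms is ALL or permission in perms):
                return action == ALLOW
        node = node.parent
    return False  # default deny when nothing matched


def build(entry_acl):
    """Hypothetical tree: root -> community -> blog entry."""
    root = Node([(ALLOW, ADMIN, ALL)])
    community = Node([(ALLOW, "group.members", ("view", "edit", "delete"))], root)
    return Node(entry_acl, community)


author_aces = [(ALLOW, AUTHENTICATED, ("view", "comment")),
               (ALLOW, "author", ("edit", "delete"))]

as_reported = build(author_aces + [NO_INHERIT])                     # the bug
explicit_admin = build([(ALLOW, ADMIN, ALL)] + author_aces + [NO_INHERIT])  # fix 1
inherited = build(author_aces)                                      # fix 2

admin = [AUTHENTICATED, ADMIN]
member = [AUTHENTICATED, "group.members"]

if __name__ == "__main__":
    for name, entry in [("as reported", as_reported),
                        ("explicit admin entry", explicit_admin),
                        ("NO_INHERIT removed", inherited)]:
        print(f"{name:22} admin delete={permits(entry, admin, 'delete')} "
              f"member delete={permits(entry, member, 'delete')}")
```

In this model, removing NO_INHERIT restores the admin's rights but also exposes the entry to every grant made on its parents, whereas the explicit admin entry changes the outcome for the admin group only.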