Strange policy on editing exercises
Bug #520778 reported by
Matt Giuca
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| IVLE |
Fix Released
|
High
|
Matt Giuca | ||
Bug Description
The policy for who can a) view the list of exercises, and b) add a new exercise (i.e., the exercise actions which aren't related to a specific exercise) have a very weird policy, which is as follows:
"If the user has edit permission on any offering, allow."
Since the policy on the other exercise actions, implemented in database.py under Exercise, is *not* actually exercise specific ("if the user is an admin, or lectures or tutors for any subject, allow"), it should simply be changed to this rule. Add a static method in Exercise to do this.
This won't actually affect any users at the moment (since currently, any lecturer or tutor for any subject also has edit permission on an offering). However this will change as we change the tutor policy.
Related branches
Revision history for this message
| Matt Giuca (mgiuca) wrote | #1 |
| Changed in ivle: | |
| status: | In Progress → Fix Committed |
| Changed in ivle: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed in trunk r1536.