Comment 6 for bug 786904

Scott Ritchie (sritchie) wrote : Re: [Bug 786904] Re: checkPermissions only lets admins write

Right. You may just want to check that my logic in each case for inDev is
correct.

On Mon, May 23, 2011 at 8:43 PM, Matt Giuca <email address hidden> wrote:

> So in my opinion, the only fix required is to use the same comparison
> above as below. For instance, in GameVersionServiceImpl, replace:
>
> ClientView cv = (curUser.getPrimaryKey() == object.getPrimaryKey())
>     ? ClientView.PRIVATE : ClientView.PUBLIC;
>
> with:
>
> ClientView cv = isDev ? ClientView.PRIVATE : ClientView.PUBLIC;
>
> In other words, it's private if you are a developer of this game;
> otherwise it is public. That's all that should be required.
>
> --
> You received this bug notification because you are subscribed to MUGLE.
> https://bugs.launchpad.net/bugs/786904
>
> Title:
> checkPermissions only lets admins write
>
> Status in Melbourne University Game-based Learning Environment:
> New
>
> Bug description:
> It's hard to demonstrate at the moment, but I believe that
> checkPermissions in all of the *ServiceImpl classes, except for
> UserService, will prevent non-admins from writing to objects, even if
> they own them.
>
> This is because all of the checks check the current user's key against
> the object in question's key (which obviously never match), and set it
> to private if they match, public otherwise. This means it will ALWAYS
> result in the public interface. Admins can still write to such an
> interface, but nobody else can.
>
> Therefore, each ServiceImpl class needs that logic to change to a real
> check to see whether the user owns that object (which is usually going
> to be the same condition as the exception check above).
>
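
The comparison discussed in this thread, as an added example that is not MUGLE's code or part of either message: a stripped-down Java model in which the `Key` and `Game` types, the `viewBefore`/`viewAfter` names, and the way `isDev` is derived (membership in the game's developer set) are assumptions. It shows the user-key-versus-object-key test yielding `PUBLIC` for every user, and the `isDev` form yielding `PRIVATE` only for a developer of the game.

```java
import java.util.Set;

public class ClientViewDemo {
    enum ClientView { PRIVATE, PUBLIC }

    // Hypothetical stand-in for a datastore key: entity kind plus numeric id.
    record Key(String kind, long id) {}

    // Hypothetical game object: its own key plus the keys of its developers.
    record Game(Key primaryKey, Set<Key> developers) {}

    // Before: compares the user's key with the object's key. The two keys
    // name different kinds of entity, so the test is false for every user,
    // even with value equality and even when the numeric ids coincide.
    static ClientView viewBefore(Key curUser, Game object) {
        return curUser.equals(object.primaryKey())
                ? ClientView.PRIVATE : ClientView.PUBLIC;
    }

    // After: the view depends on whether the user is a developer of the game.
    static ClientView viewAfter(Key curUser, Game object) {
        // Assumed definition of isDev; the thread does not show how it is computed.
        boolean isDev = object.developers().contains(curUser);
        return isDev ? ClientView.PRIVATE : ClientView.PUBLIC;
    }

    public static void main(String[] args) {
        // Constructed sample data: alice develops the game, bob does not.
        // alice and the game deliberately share id 1 to show the kinds still differ.
        Key alice = new Key("User", 1);
        Key bob = new Key("User", 2);
        Game game = new Game(new Key("Game", 1), Set.of(alice));

        for (Key user : new Key[] { alice, bob }) {
            System.out.printf("%s before=%s after=%s%n", user,
                    viewBefore(user, game), viewAfter(user, game));
        }
    }
}
```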