Comment 6 for bug 1356679

Gabriel Assis Bezerra (gabriel-bezerra) wrote :

If the attribute is automatically set, it should not prevent a resource from being deleted then. There is no sense in forbidding a user from deleting a network of his/her own just because a plugin set an admin_only-settable attribute on it, without the intervention of the admin himself.

On the other hand, there is sense in making the default rule admin_only, trying to achieve higher security in policies.

There should be a better way to deal with this situation. Either working on fixing the way policies are applied on operations, or at least making it clear in the docs and policy.json which policies are checked.

The policies which are actually checked are not even listed in the sample policy.json. How would an operator have any clue of what is going on without having to touch the source code as I did? Not even the logs are helpful.