Here are four three sets of permissions that can be applied to the Cards on New Wagns that come with new Wagn. The "Always" section is always applied, and then one of the other three sets is applied to get a different general initial setup.
Note:
- Card names must be the card's key.
- :star (for Star Cards) will only be applied to simple cards, and plus cards whose leftmost part begins with *.
Always
(no duplicate keys — if tempted, remove them from here and put them below)
:always=>{
:star=> {:edit=>:admin, :delete=>:admin},
'config'=> {:edit=>:admin, :delete=>:admin},
'role'=> {:create=>:admin},
'role+*type+*content'=> {:delete=>:admin},
'anyone'=> {:delete=>:admin},
'anyone signed in'=> {:delete=>:admin},
'administrator'=> {:delete=>:admin},
'administrator_link'=> {:read=>:admin},
'account_request+*type+*content' =>{:read=>:auth},
'html'=> {:create=>:admin},
'html+*type+*content'=> {:edit=>:admin},
'*watcher' => {:edit=>:auth},
'*watcher+*right+*content' => {:edit=>:auth}
}
Open view, restricted edit
:standard=>{
:default=> {:read=>:anon, :edit=>:auth, :delete=>:auth, :create=>:auth, :comment=>nil},
'account_request' =>{:create=>:anon},
'discussion+*right+*content'=> {:comment=>:anon}
}
Open edit
:open=>{
:default=> {:read=>:anon, :edit=>:anon, :delete=>:auth, :create=>:anon, :comment=>nil},
'discussion+*right+*content'=> {:comment=>:anon}
}
Private
:private=>{
:default=> {:read=>:auth, :edit=>:auth, :delete=>:auth, :create=>:auth, :comment=>nil},
'discussion+*right+*content'=> {:comment=>:auth},
'*css'=> {:read=>:anon}
}
RE: 'account_request+*type+*form' {:read=>:admin}
I think that breaks account requests, no?--Ethan McCutchen.....Thu Apr 09 08:40:36 -0700 2009
The idea with this was to keep spammers from being able to post stuff by requesting accounts. Unfortunately, this solution to that keeps anyone except admins from being able to see/approve account requests. Hrm. Or are you seeing more serious breakage that i'm missing?
--John Abbe.....Thu Apr 09 10:11:18 -0700 2009
I'm just remembering that you tried this before and it broke things, perhaps because of this: http://wagn.org/wagn/allow_authorized_users_to_see_cards
--Ethan McCutchen.....Thu Apr 09 10:17:26 -0700 2009
fyi
thursday=> select count(*), task, codename from permissions p join roles r on p.party_id = r.id group by task, codename order by task,codename;count | task | codename
-------+---------+----------
1 | comment | anon
2 | create | admin
1 | create | anon
12 | create | auth
106 | delete | auth
42 | edit | admin
64 | edit | auth
106 | read | anon
(8 rows)--Ethan McCutchen.....Thu Apr 09 10:29:11 -0700 2009
Add?:
'user+*type+*content'=> {:delete=>:admin},
--John Abbe.....Tue Jun 30 10:10:39 -0700 2009
Just updated all the tform and rform references, and change from HTML+*type+*content to HTML+*type+*default.
I also just fixed permissions on editing Ruby cards on wagn.org from Anyone signed in (or maybe even Anyone) to Developer. This is a security issue for anyone who turns on Ruby or Script cards. I'm inclined to add this (below) to Always, but I don't know if it would choke on Wagns that don't have Ruby or Script cards turned on?
'ruby'+*type+*default'=> {:created=>:admin, :edit=>:admin, :delete=>:admin}
'script'+*type+*default'=> {:created=>:admin, :edit=>:admin, :delete=>:admin}
--John Abbe.....Sat May 01 19:34:47 -0700 2010
Just realized that my *all+*captcha add was redundant because all star cards are set up to be editable/deletable only by Admins. So only an issue for Wagns set up before that was done.
Worth a migration?
--John Abbe.....Thu Feb 17 11:53:16 -0800 2011
what needs migrating?
--Ethan McCutchen.....Thu Feb 17 12:24:17 -0800 2011
making sure that *all+*captcha is only editable/deleteable by admins
just a note: questions above about ruby/script, and user+*type+*content still pending
--John Abbe.....Thu Feb 17 12:29:05 -0800 2011
ruby stuff wouldn't choke anything if not turned on. Also, I don't think anybody can really get ruby/script cards working without our help.
--Ethan McCutchen.....Thu Feb 17 12:58:25 -0800 2011
are you sure that star config isn't older than the captcha functionality? wagn.org is often messed up because we've messed with settings here, so migrations don't take full effect.
--Ethan McCutchen.....Thu Feb 17 13:00:23 -0800 2011
http://thrivable.wagn.org/*all+*captcha
Have you seen my note (forget what medium) that *all+*captcha is off on English?
Speaking of migrations not taking effect, let's add a mechanism to reenable migration for edited card.
--John Abbe.....Thu Feb 17 13:06:14 -0800 2011
Cards: initial permissions+discussion, initial permissions, discussion Last Editor: John Abbe
