'Edit Own' access control function not working

Submitted by anawillem on April 12, 2007 - 6:12pm.

Type

Need

Detailed Description

Even though 'Edit Own' is enabled for Authenticated Users to edit their Registrations and Proposals, this is functionally not working.

So, for example, when YES! magazine wanted to edit information on their registration, they were unable to open up that record for themselves (Access Denied).

This makes work that could be done by the user, having to be done by the administrative staff, and is bogging down their work.

Is there something we can do to enable this?

Priority

immediate

Initial Discussion Deadline

April 12, 2007

Assigned To

jamie

Publish or not...

Submitted by anawillem on April 13, 2007 - 5:47pm.

The issue is that these nodes would need to be published in order to be viewed by non-admin or by folks who do not have full edit privilages.

This is something that we should talk about at our next meeting, to see if that 'model' can be changed, and what the implications for that are.

____________
ana willem
jellobrain.com

How to restrict view privileges for a cck node

Submitted by jamie on April 15, 2007 - 3:19pm.

I don't think cck has the ability to restrict view privileges on a content type basis :(. That would be the answer. Then we could publish all of them, but restrict the ability to view them to a particular role OR the owner. Does anyone know if this is possible?

political solution favored over technial one in silc meeting

Submitted by jamie on April 15, 2007 - 5:36pm.

[18:29] < ana> at this point, people are unable to edit their own submissions
unless those submissions are published
[18:30] < ana> as per our current 'model'.
[18:30] < ana> evenif they have access in the access controls
[18:30] < ana> they cannot touch it
[18:30] < ana> this is causing problems for the admin team
[18:30] < ana> because of work overload from people wanting to change things or
add them
[18:30] < jamie> this is a sticky technical issue since I'm not convinced that
we can do what we need to do.
[18:30] < jamie> On the other hand - I think it has a political solution
[18:31] < jamie> I think we *should* be making all proposal submissions public
[18:31] < dkg> do we have complete edit history available?
[18:31] < ana> what I am wonderring is if the model can be changed...?
[18:31] < dkg> jamie: i agree, modulo the garbage.
[18:31] < jamie> I would favor the political solution to the technical one here
[18:31] < ana> k...
[18:31] < dkg> but they should be publicly *visible* not publicly *editable*.
[18:31] < jamie> yes
[18:31] < jamie> that's true - and that is technical possible
[18:32] < jamie> I think user registrations are a different story - since they
may contain information people expect to be private
[18:32] < jamie> but proposal submissions are different
[18:32] < jamie> I don't think there is any epxectation of privacy
[18:32] < jamie> ana: do you have a sense of who we should discuss with from
programming before making a change like this?
[18:33] < ana> ummm
[18:33] < ana> mike gasser
[18:33] < ana> and alison buchwald?
[18:34] < ana> we would not need to talk to them, necessarily, because they
want this enabled
[18:34] < ana> we just need to tell them when it is...
[18:34] < jamie> ok - I can take it then
[18:34] < jamie> I'll do a bulk update on all records of that type to change
them to published

Closing tech issues: all proposals are now published

Submitted by jamie on April 15, 2007 - 6:51pm.

So - edit own proposal is now functional.

Latest Happenings

2007 Social Forum