permissions should be ignored during lifecycle transitions
Reported by Bryan Larsen | January 6th, 2010 @ 04:38 PM | in Beyond Hobo 1.0
This is a suggestion from Tola:
Lifecycles already have a kind of permission system in :available_to. Therefore the standard permission system is often redundant and often gets in the way when changing model attributes from inside a lifecycle transition block.
The user model sort of includes this clause
self.class.has_lifecycle? &&
lifecycle.active_step
, which Tola has had to add to most of
her permissions.
Comments and changes to this ticket
-
Matt Jones January 6th, 2010 @ 07:16 PM
The only objection I can see to this is that if something like exempt_from_edit_checks is automatically turned on in the lifecycle, there's absolutely no way to override it (AFAIK).
I'd also point out that the above fragment is slightly overkill - the first part isn't required in a standard model permission method (one presumes that the coder knows if the model has a lifecycle or not...).
-
Owen January 10th, 2010 @ 07:13 PM
- Milestone set to Beyond Hobo 1.0
-
Bryan Larsen February 19th, 2010 @ 06:44 PM
- State changed from new to open
-
Matt Jones January 3rd, 2011 @ 09:52 PM
- Milestone order changed from 0 to 0
Oops - just got bitten by this today, as resetting passwords for users that aren't visible to Guest breaks. Note that we're now turning on
exempt_from_edit_checks
in lifecycle transitions, so my previous argument is invalid.Is there a reason to have
can_view?
checking whencan_edit?
is being short-circuited? Probably a bug...
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป