[MAGNOLIA-2971] workflow: base role should grant read permission to the workflow definitions Created: 15/Dec/09  Updated: 23/Jan/13  Resolved: 22/Dec/09

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 4.2.2
Fix Version/s: 4.2.3, 4.3

Type: Bug Priority: Major
Reporter: Philipp Bärfuss Assignee: Philipp Bärfuss
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
depends upon MAGNOLIA-2603 workflow: baserole should not deny ac... Closed
depends upon MAGNOLIA-2977 security: provide some installation t... Closed
relation
is related to MGNLSTK-543 demo users: eric can't activate Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Comments   
Comment by Philipp Bärfuss [ 15/Dec/09 ]

This permission was originally removed while solving MAGNOLIA-2603. So re-adding this permission would again cause the same issue: superuser is then not able to edit workflows anymore.

Comment by Philipp Bärfuss [ 17/Dec/09 ]

As far I see we have the following options:

A) re-add that permission to the base role and add an explicit permission (rw) to the superuser role

  • not much work
  • not so nice if we have to add e

B) remove all roles/ACLs from the editor and publisher group

  • as they are used in the workflow they should be used to assign users to those groups only
  • in that case this groups should get a more explicit name

C) Ensure that the superuser has always all permissions

  • a bit similar to the unix root account

For this version I suggest to go for A) which is definitely the least intrusive option.

Comment by Philipp Bärfuss [ 17/Dec/09 ]

I have implemented A)

Comment by Magnolia International [ 17/Dec/09 ]

this needs to be merged to the trunk and marked as "fixed for" 4.3 as well

Comment by Philipp Bärfuss [ 22/Dec/09 ]

merged into the trunk

Generated at Mon Feb 12 03:41:55 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.