[MGNLRSSAGG-45] Add a rss-aggregator-base user role to bootstrap ACLs for RSS Aggregator Created: 14/Feb/11  Updated: 06/Jan/12  Resolved: 08/Dec/11

Status: Closed
Project: Magnolia RSS Aggregator Module
Component/s: None
Affects Version/s: 1.2
Fix Version/s: 1.2.2

Type: Improvement Priority: Neutral
Reporter: Matt Dertinger Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: data, rssaggregator, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File userroles.rss-aggregator-base.xml    
Issue Links:
relation
is related to MGNLCAT-32 Add a categorization user role to boo... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Visible to:
Yun Qian

 Description   

Hi,

I've tried unsuccessfully to find documentation on how to best assign read permissions for the RSS Aggregator content to the Anonymous user. I've got it working, but I was wondering if it would make sense to create a rss-aggregator-base user role that would get bootstrapped when the RSS Aggregator module is installed, then update the Anonymous System User to include rss-aggregator-base in its list of roles? This would seem to be consistent with how the ACLs for most of the other modules are handled, for instance contact-base, public-user-registration-base, imaging-base, etc.

What are your thoughts on this?

Aside from the ACLs for the RSS Aggregator module, the Categorization module updates the anonymous role directly within it's version handler. Maybe there should be a categorization-base user role created for this too?

What do you think?

Thanks,
Matt



 Comments   
Comment by Magnolia International [ 22/Mar/11 ]

Yeah, that is probably a good idea.
-base roles are (were?) meant as a, erm, base for more complex roles.
In the case of rss, categorization, and probably contacts, what we want is a "-read" role that simply grants read-only access to a portion of a given repo, data in this case.

Adding those roles to the Anonymous user should be left up to projects (i.e demo project or your own).

Comment by Milan Divilek [ 08/Dec/11 ]

Add rss-aggregator-base role, that provide read permission for rss part data repo. Adding this role to any role/groups/user depends on consideration of developer. By default it isn't assigned to any role/groups/user.

Generated at Mon Feb 12 07:04:59 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.