Tags:
create new tag
, view all tags

Feature Proposals » Self-service mdrepo management

Summary

Current State: Developer: Reason: Date: Concerns By: Bug Tracking: Proposed For:
AcceptedProposal HideyoImazu AcceptedByReleaseMeeting 2015-02-18   TWikibug:Item7613 KampalaRelease

Edit Form

TopicSummary:
CurrentState:
CommittedDeveloper:
ReasonForDecision:
DateOfCommitment:   Format: YYYY-MM-DD
ConcernRaisedBy:
BugTracking:
OutstandingIssues:
RelatedTopics:
InterestedParties:
ProposedFor:
TWikiContributors:
 

Motivation

So far, only super admin group members can update mdrepo data. This doesn't scale well to a site having thousands of webs.

Description and Documentation

Introducing mdrepoOpAllowed() method in the user mapping handler (TWiki::Users::SomeMapping::mdrepoOpAllowed()).

TWiki::UI::MdrepoUI::mdrepo() will check if the current user mapping handler has a mdrepoOpAllowed() method. If exists, it's called to determine the operation is allowed for the data.

mdrepoOpAllowed() takes the following arguments.

  • $cUID - canonical user ID of the user
  • $cmd - a command (add, updt, del, etc.)
  • $table - the name of a table (webs, sites, etc.)
  • $recID - the record ID
  • $rec - hash reference of the new record value
If it allows the operation, it returns "". Otherwise, it returns the reason of not allowing.

Examples

lib/TWiki/UI/MdrepoUI.pm :

...
    if ( $cmdSpec && $table ) {
        if ( $mdrepo->{opts}{$table} =~ /b/ ) {
                 if ( $session->{mdrepo}{cont}{$table} ) {
-                    $output = &{$cmdSpec->[0]}($session, $table, $recId, \%rec);
+                    my $cUID = $session->{user};
+                    my $result;
+                    unless (
+                        $session->security->checkAccessPermission('CHANGE', $cUID)
+                        # super admin is allowed mdrepo operations regardless
+                    ) {
+                        my $mapping = $session->{users}->_getMapping($session->{user});
+                        $result = 'permission denied';
+                        if ( $mapping && $mapping->can('mdrepoOpAllowed') ) {
+                            $result = $mapping->mdrepoOpAllowed(
+                                $cUID, $cmdName, $table, $recId, \%rec);
+                            # mdrepoOpAllow() returns '' if the operation is
+                            # allowed. Otherwise, returns the reason of not
+                            # allowing
+                        }
+                    }
+                    if ( $result ) {
+                        $output = $result;
+                    }
+                    else {
+                        $output = &{$cmdSpec->[0]}(session, $table, $recId, \%rec);
+                    }
                 }
...

Impact

Implementation

-- Contributors: Hideyo Imazu - 2015-02-18

Discussion

Looks like a needed enhancement for large sites.

-- Peter Thoeny - 2015-02-18

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2015-02-23 - HideyoImazu
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.