Ticket #829 (closed Enhancement: wontfix)

Opened 6 years ago

Last modified 6 years ago

Access Control: programatic switching to "System" role

Reported by: jri Owned by: jri
Priority: Major Milestone: Release 4.7
Component: DeepaMehta Standard Distribution Version: 4.6.1
Keywords: Cc: dgf, Malte, JuergeN
Complexity: 5 Area:
Module: deepamehta-accesscontrol

Description

Plugins must be able to deliberately execute certain code under the "System" authority. This is required by system-near plugins like DM4 Sign-up.

The measures already taken to undermine the access control system must be reverted then:

  • AC Service's createUserAccount() and getUsernameTopic() methods must not be invokable via unauthorized request (#811).
  • The Core's public AccessControl? support object must be dropped.

Change History

comment:1 Changed 6 years ago by jri

  • Status changed from new to accepted

comment:2 Changed 6 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to wontfix

Sorry, change of plan. For the moment I decided not to provide a generic "run as system" mechanism. I want avoid proliferation of privileged code. Developers might be seduced to resort to privileged code too early and thus possibly undermining the access control mechanism without a need.

Instead I go for a fixed set of privileged methods as specified in the Core's AccessControl interface. This set might be expanded in communication with the Core developer. My feeling is that the AccessControl interface will finally converge to a fixed state.

Note: See TracTickets for help on using tickets.