Ticket #833 (closed Defect: fixed)
Deleting a topic when private associations exist
Reported by: | jri | Owned by: | jri |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.7 |
Component: | DeepaMehta Standard Distribution | Version: | 4.6.1 |
Keywords: | Cc: | dgf, Malte, JuergeN | |
Complexity: | 3 | Area: | |
Module: | deepamehta-accesscontrol |
Description
Consider this situation: user A creates topic 1 in a public workspace. User B reveals topic 1 in hers private workspace and creates topic 2 and associates the two topics. Note that the association is private to User B. Now user A deletes topic 1. This fails as deleting a topic always includes deleting all its associations, but user A has no permission to delete user B's association. An exception occurs and the delete operation is rolled back.
How to deal with that?
- A topic can be deleted if the user has WRITE permission for that topic AND all its associations. That is the status quo.
or ...
- A topic can be deleted if the user has WRITE permission for that topic. All its associations are deleted via a privileged operation, that is associations are deleted the current user has no permission for.
or something else?
Change History
comment:1 in reply to: ↑ description Changed 9 years ago by jri
comment:2 follow-up: ↓ 5 Changed 9 years ago by JuergeN
As agreed yesterday I think this is the right approach for the moment. The only thing I would like to suggest, is to inform the user about the existing assocs, so that she can decide how to continue. The technical assocs (workspace, owner, etc.) should be ignored here. A valid information could be: This topic has n other existing associations. Are you sure you want to delete it?
comment:4 Changed 9 years ago by jri
In the course of refactoring #935 the bug "Deleting a topic when private associations exist" is now fixed.
Please test!
comment:5 in reply to: ↑ 2 Changed 9 years ago by jri
Replying to JuergeN:
The only thing I would like to suggest, is to inform the user about the existing assocs, so that she can decide how to continue. The technical assocs (workspace, owner, etc.) should be ignored here. A valid information could be: This topic has n other existing associations. Are you sure you want to delete it?
Yes, this is a good idea. Equally important might be to inform all affected users in some way about the deletion. To be discussed.
Replying to jri:
Meanwhile we decided for this approach. A requirement is described in #933.