Ticket #833 (closed Defect: fixed)

Opened 6 years ago

Last modified 6 years ago

Deleting a topic when private associations exist

Reported by: jri
Owned by: jri
Priority: Major
Milestone: Release 4.7
Component: DeepaMehta Standard Distribution
Version: 4.6.1
Keywords:
Cc: dgf, Malte, JuergeN
Complexity: 3
Area:
Module: deepamehta-accesscontrol

Description

Consider this situation: user A creates topic 1 in a public workspace. User B reveals topic 1 in her private workspace, creates topic 2, and associates the two topics. Note that the association is private to user B. Now user A deletes topic 1. This fails, as deleting a topic always includes deleting all its associations, but user A has no permission to delete user B's association. An exception occurs and the delete operation is rolled back.

How to deal with that?

  1. A topic can be deleted if the user has WRITE permission for that topic AND all its associations. That is the status quo.

or ...

  1. A topic can be deleted if the user has WRITE permission for that topic. All its associations are deleted via a privileged operation, that is, associations are deleted which the current user has no permission for.

or something else?

Change History

comment:1 in reply to: ↑ description Changed 6 years ago by jri

Replying to jri:

  1. A topic can be deleted if the user has WRITE permission for that topic. All its associations are deleted via a privileged operation, that is, associations are deleted which the current user has no permission for.

Meanwhile we decided for this approach. A requirement is described in #933.
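The two options from the description, with the one chosen in comment:1, as an added toy model (not DeepaMehta code or its API). The `Store` class, the workspace names and the returned list of associations removed without the caller's own WRITE permission (useful for an audit trail) are assumptions made for illustration.

```python
# Toy model, constructed for illustration; not DeepaMehta code or its API.
from dataclasses import dataclass, field

@dataclass
class Store:
    members: dict                                # workspace -> users with WRITE
    topics: dict = field(default_factory=dict)   # topic id -> workspace
    assocs: dict = field(default_factory=dict)   # assoc id -> (workspace, topic, topic)

    def can_write(self, user, workspace):
        return user in self.members.get(workspace, set())

    def delete_topic(self, user, topic_id, privileged_cascade):
        """Delete a topic together with all its associations.

        privileged_cascade=False: WRITE needed on the topic AND all associations.
        privileged_cascade=True:  WRITE needed on the topic only.
        Returns ids of associations removed without the caller's own WRITE.
        """
        if not self.can_write(user, self.topics[topic_id]):
            raise PermissionError(f"{user} may not delete topic {topic_id}")
        attached = [a for a, (_, t1, t2) in self.assocs.items()
                    if topic_id in (t1, t2)]
        foreign = [a for a in attached
                   if not self.can_write(user, self.assocs[a][0])]
        if foreign and not privileged_cascade:
            # Checked before any mutation, so a refused delete leaves no partial state.
            raise PermissionError(f"{user} may not delete associations {foreign}")
        for a in attached:
            del self.assocs[a]
        del self.topics[topic_id]
        return foreign

def scenario():
    """The ticket's situation: A's public topic 1, B's private topic 2 and association."""
    s = Store(members={"public": {"A"}, "private-B": {"B"}})
    s.topics = {1: "public", 2: "private-B"}
    s.assocs = {10: ("private-B", 1, 2)}
    return s

if __name__ == "__main__":
    s = scenario()
    try:
        s.delete_topic("A", 1, privileged_cascade=False)
    except PermissionError as e:
        print("strict:", e, "| topic 1 still present:", 1 in s.topics)
    print("privileged cascade removed:", s.delete_topic("A", 1, True))
```

In the privileged mode the permission check on the topic itself is still enforced; only the cascade over its associations bypasses the caller's permissions.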

comment:2 follow-up: ↓ 5 Changed 6 years ago by JuergeN

As agreed yesterday, I think this is the right approach for the moment. The only thing I would like to suggest is to inform the user about the existing assocs, so that she can decide how to continue. The technical assocs (workspace, owner, etc.) should be ignored here. A valid information could be: This topic has n other existing associations. Are you sure you want to delete it?

comment:3 Changed 6 years ago by jri

  • Status changed from new to accepted
  • Owner set to jri

comment:4 Changed 6 years ago by jri

In the course of refactoring #935 the bug "Deleting a topic when private associations exist" is now fixed.
Please test!

comment:5 in reply to: ↑ 2 Changed 6 years ago by jri

Replying to JuergeN:

The only thing I would like to suggest is to inform the user about the existing assocs, so that she can decide how to continue. The technical assocs (workspace, owner, etc.) should be ignored here. A valid information could be: This topic has n other existing associations. Are you sure you want to delete it?

Yes, this is a good idea. Equally important might be to inform all affected users in some way about the deletion. To be discussed.

comment:6 Changed 6 years ago by jri

  • Status changed from accepted to closed
  • Resolution set to fixed