[ckan-dev] organization deletion

• Previous message: [ckan-dev] organization deletion
• Next message: [ckan-dev] Setting up DataStore
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8 October 2012 13:33, David Raznick <david.raznick at okfn.org> wrote:
> Hello,
>
> The logic was that, on most instances, because org admins are not
> allowed to make an organization they should not be able to delete them
> either.  These are the relevant user stories:

org admins creating orgs makes no sense - org admins are only admins
for the org they are an admin of

>
> * **Users** can create new organizations, if this is enabled in the config
>   file (boolean option), and will automatically become admin of the new
>   organization
> * **Users** can create new groups, if this is enabled in the config
>   file (another boolean option), and will automatically become admin of the new
>   group
>
by creating the orgs they become admins - the only other way is to be
assigned as an admin by an orgs admin or a sysadmin

> I think these boolean options should define if an admin of the
> group/org can delete the group/org as well. i.e if a user is allowed
> to make a group/org then they are allowed to delete it too.
>

This sort of messes up my permissions model as an admin currently can
do anything but this can be changed

So you are saying that if a user can create a group/org then an admin
of that group or org can delete it but otherwise not?  This logic can
be added fairly easily but will make the code more ugly - is this
likely a one off rule or are more going to be added later I ask this
as it would affect how I implemented this change.

Also more importantly do you see the permissions on groups vs orgs
being asymmetric ie a org editor has different permissions than a
group editor?

cheers

toby

ps I'd like to catch up with you at some pointt re other bits of this
work - let me know when you have some free time - hope your break was
nice

> The case of ec is they have a predefined list of orgs and deleting them
> by the org admins (by mistake or otherwise) would cause pain.
>
> Thanks
>
> David
>
> On Wed, Oct 3, 2012 at 2:54 PM, Toby Dacre <toby.okfn at gmail.com> wrote:
>> On 3 October 2012 14:49, Sean Hammond <sean.hammond at okfn.org> wrote:
>>>> According to
>>>>
>>>> https://raw.github.com/okfn/ckan/c49c3d7a6e6a635ceecd796b55a679f519242830/doc/organizations_and_groups.rst
>>>>
>>>> an group admin can delete a group but an org admin cannot delete an
>>>> org is there a logic to this it just seems to add complexity for no
>>>> benefit.  Is there a valid reason
>>>
>>> Afaik this wasn't a deliberate decision looks like an accidental
>>> omission, I would say org admin or sysadmin can delete org, perhaps
>>> kindly would disagree
>>>
>> This would mean that the permissions for both groups and orgs remain
>> in sync even if some of the 'logic' and 'auth' functions differ
>> also this is now implemented
>>> _______________________________________________
>>> ckan-dev mailing list
>>> ckan-dev at lists.okfn.org
>>> http://lists.okfn.org/mailman/listinfo/ckan-dev
>>
>> _______________________________________________
>> ckan-dev mailing list
>> ckan-dev at lists.okfn.org
>> http://lists.okfn.org/mailman/listinfo/ckan-dev
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev

• Previous message: [ckan-dev] organization deletion
• Next message: [ckan-dev] Setting up DataStore
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]