[ckan-dev] Cascading permissions in hierarchical organizations

• Previous message: [ckan-dev] Cascading permissions in hierarchical organizations
• Next message: [ckan-dev] Cascading permissions in hierarchical organizations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Nigel,


It seems ?that the cascading problem seems to be from our part, as we have modified the organization and had to integrate the ckanext-hierarchy into our extensions. I tried this with a fresh CKAN 2.2 and the ckanext-hierarchy, and the problem does not exist there.


However, what still does exist is that a normal user can select any organization as the parent organization. This is something I'm not sure is it by design or a bug.


-Ville


________________________________
From: ckan-dev <ckan-dev-bounces at lists.okfn.org> on behalf of Nigel Babu <nigel.babu at okfn.org>
Sent: Friday, April 4, 2014 7:59
To: CKAN Development Discussions
Subject: Re: [ckan-dev] Cascading permissions in hierarchical organizations

Hey Ville,

If you have `ckan.auth.roles_that_cascade_to_sub_groups = admin`, this sounds like a bug. Can you please file an issue on github?


Nigel Babu

Developer  |  @nigelbabu<https://twitter.com/nigelbabu>

The Open Knowledge Foundation<http://okfn.org/>

Empowering through Open Knowledge

http://okfn.org/  |  @okfn<http://twitter.com/OKFN>  |  OKF on Facebook<https://www.facebook.com/OKFNetwork>  |  Blog<http://blog.okfn.org/>  |  Newsletter<http://okfn.org/about/newsletter>


CKAN | http://ckan.org/ | @CKANproject<http://twitter.com/CKANproject> | the world's leading open-source data portal platform


On 1 April 2014 14:53, Ville Seppänen <ville.seppanen at gofore.com<mailto:ville.seppanen at gofore.com>> wrote:
Hi,

I'm trying to enable hierarchical organizations using the ckanext-hierarchy extension and CKAN 2.2. We have a couple of requirements how the permissions should work in our case:

- When selecting a parent organization for an organization, a user should only be able to select organizations in which he/she is an admin.
- A user who is an admin in an organization, should also be an admin in all its child organizations.

However, currently neither is working and I'm not completely sure how this even should work by default. I looked at this issue https://github.com/ckan/ckan/issues/1038 and there's a comment that "cascading permissions has been done".

If I create a new organization with a fresh, non-sysadmin user, I can select any existing organization as the parent. Also, the admin of a parent organization does not seem to get any additional rights for child organizations created by someone else.

Any ideas how this should work by default, am I missing some configuration or is there a bug?

Best Regards,
Ville Seppänen
_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org<mailto:ckan-dev at lists.okfn.org>
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20140404/434eb48c/attachment-0003.html>

• Previous message: [ckan-dev] Cascading permissions in hierarchical organizations
• Next message: [ckan-dev] Cascading permissions in hierarchical organizations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]