On Dec 11, 2007, at 1:35 PM, Laurence Rowe wrote:
#211: Enable dashboard to be locked down
+1 from me in general. imho it makes sense to separate those permissions as well as create a ui for group assignment (since these are already supported anyway). what about migration issues, though? already existing dashboard portlet registrations on users should probably be removed when they're set for the "authenticated" group. otherwise they might be un-shadowed should they ever be removed for the group again.
and wouldn't we also have to take care of replicating local settings of 'Portlets: Manage own portlets' with regard to the added permission? otherwise it might be possible to accidentally loosen security in some cases if the settings had been made more strict before. the same goes for workflows i guess — they would need to be checked to see if they manage the portlets permission. all pretty unlikely i suppose, but it could be an issue, imho.
thoughts? cheers, andi -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED] friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ plone 3.0.4 released! -- http://plone.org/products/plone
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team
