On 05/22/2016 12:08 AM, Harshit Bansal wrote:
Hi Simon, This is the discussion that I was referring to:
Harshit Bansal writes:
I think the "Permissions Systems" would have nothing to do with the core. It would be related to Postorius. We will have to create a style model separately in Postorius which would store the style name and the user who created it. Then only the user who has created the style would be granted the permission to edit it.
Stephen J. Turnbull wrote:
Then there is no *permissions* system! For example, one project last year created a Javascript client -- that would completely bypass the "permissions" system as you describe it. You could imagine that style changes are a "friendly users" feature, and so the "style owner" system would be a *safety* feature of the Postorius UI rather than an *authorization* feature of styles. But in an enterprise context (eg, a virtual hosting service), I'm sure that users will think of it as an authorization system. While at present it seems unlikely that there would be multiple interfaces on one hosting service, you never know what users will do[1]. Also, it would not be obvious to somebody who installed the node.js Mailman client that they are likely bypassing "security" as documented in the typical Mailman manuals and tutorials that you would find on the web.
Thanks, Harshit Bansal
Hi, Earlier, while discussing the permission system for manging styles, it was decided that the permissions system should be enforced in the core rather than in the postorius since otherwise it can be bypassed(deliberately or undeliberately). But one thing that I think I forgot to discuss was that currently there is no authorisation system in the core and now I am unable to figure out that how could the permissions be enforced in the core without an authorisation system. Should I workout an authorisation system for the core first or enforce permissions in postorius only?
After reading this and your proposal, I'm wondering why you want to add the permission system in postorius.
You are storing the styles in core, and grant permissions based on list/domain/site ownerships. All this information is in core.
Currently mailmanclient exposes everything, not caring about permissions. You have admin rights, whoever uses mailmanclient has to manage access on their own.
We currently have @list_moderator_required that we use in postorius. We are not doing anything with domain or site owners, but they should be pretty easy to implement.
While in theory it would be possible to enforce permissions in core about who is allowed to call specific rest calls, this would require a lot of changes. I'm not sure we want to go this way.
There are some things in core, that suggest that this might come sometime. (Users have passwords and you can authenticate them) But I guess this is somewhat legacy and will be dropped sometime in the future.