- changed status to resolved
Restrict modifications to the user that inserted data
Issue #1
resolved
Given that a public SoL instance may collect tournaments of several different championships and thus owned by different people, it would be nice to have a way to prevent one user to change or delete data belonging to another user.
This requires inserting an owner field to most entities, and perform a check before writing data: the admin user may change/delete anything, normal users should be able to create new content or change existing content they owns.
Comments (1)
-
reporter - Log in to comment
Restrict modifications to the user that inserted data
Add an “owner” to the top level entities and permit altering them only to the administrator or to the responsible user.
This fixes issue
#1.→ <<cset 3922912f42ec>>