1. Lele Gaifax Avatar Lele Gaifax
  2. Untitled project
  3. SoL
  4. Issues

Restrict modifications to the user that inserted data

Issue #1 resolved
Lele Gaifax repo owner created an issue

Given that a public SoL instance may collect tournaments of several different championships and thus owned by different people, it would be nice to have a way to prevent one user to change or delete data belonging to another user.

This requires inserting an owner field to most entities, and perform a check before writing data: the admin user may change/delete anything, normal users should be able to create new content or change existing content they owns.

Comments (1)

  1. Lele Gaifax reporter

    Restrict modifications to the user that inserted data

    Add an “owner” to the top level entities and permit altering them only to the administrator or to the responsible user.

    This fixes issue #1.

    → <<cset 3922912f42ec>>

  2. Log in to comment
Assignee
Type
enhancement
Priority
major
Status
resolved
Version
Version 3.0
Votes
0
Watchers
1
Jira: the preferred issue tracker for Bitbucket. Join the team!