Motivation
So far, only super admin group members can update mdrepo data. This doesn't scale well to a site having thousands of webs.
Description and Documentation
This proposal introduces an mdrepoOpAllowed() method in the user mapping handler (TWiki::Users::SomeMapping::mdrepoOpAllowed()).
TWiki::UI::MdrepoUI::mdrepo() will check whether the current user mapping handler has an mdrepoOpAllowed() method.
If it exists, it is called to determine whether the operation is allowed for the data.
mdrepoOpAllowed() takes the following arguments.
- $cUID - canonical user ID of the user
- $cmd - a command (add, updt, del, etc.)
- $table - the name of a table (webs, sites, etc.)
- $recID - the record ID
- $rec - hash reference of the new record value
If it allows the operation, it returns "".
Otherwise, it returns the reason the operation is not allowed.
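A sketch of a mapping handler's mdrepoOpAllowed() that follows the contract above, added here as an example and not taken from TWiki or from this proposal. The Example::Mapping class, the lookup callback, and the admin/master record fields are assumptions made for illustration; the point shown is that the decision is made against the stored record, not the submitted one.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for a site's user mapping handler.
package Example::Mapping;

# $lookup: hypothetical coderef returning the stored record for
# ($table, $recID), or undef when there is none.
sub new {
    my ( $class, $lookup ) = @_;
    return bless { lookup => $lookup }, $class;
}

# Returns '' to allow the operation, otherwise the reason for refusing.
sub mdrepoOpAllowed {
    my ( $this, $cUID, $cmd, $table, $recID, $rec ) = @_;
    # Deny by default: only updates to existing 'webs' records are delegated.
    return "table '$table' is restricted to super admins" unless $table eq 'webs';
    return "command '$cmd' is restricted to super admins" unless $cmd eq 'updt';
    # Authorise against the stored record, never the submitted $rec;
    # otherwise a caller could name itself admin in the new value.
    my $stored = $this->{lookup}->( $table, $recID );
    return "no such record '$recID'" unless $stored;
    my %admins = map { $_ => 1 } split /\s*,\s*/, ( $stored->{admin} || '' );
    return "$cUID is not an admin of '$recID'" unless $admins{$cUID};
    # A delegated admin may not change who the admins are.
    return 'the admin field can only be changed by super admins'
      if ( $rec->{admin} // '' ) ne ( $stored->{admin} // '' );
    return '';
}

package main;

# Constructed sample data, not real mdrepo content.
my %webs = ( Sales => { admin => 'alice,bob', master => 'am' } );
my $mapping =
  Example::Mapping->new( sub { $_[0] eq 'webs' ? $webs{ $_[1] } : undef } );

for my $case (
    [ 'alice', 'updt', 'webs',  'Sales', { admin => 'alice,bob', master => 'eu' } ],
    [ 'carol', 'updt', 'webs',  'Sales', { admin => 'carol',     master => 'am' } ],
    [ 'alice', 'updt', 'webs',  'Sales', { admin => 'alice',     master => 'am' } ],
    [ 'alice', 'del',  'webs',  'Sales', {} ],
    [ 'alice', 'updt', 'sites', 'am',    {} ],
  )
{
    my $reason = $mapping->mdrepoOpAllowed(@$case);
    printf "%-5s %-4s %-5s %-5s => %s\n", @{$case}[ 0 .. 3 ],
      $reason eq '' ? 'allowed' : "denied: $reason";
}
```

Only the first case is allowed; the others are refused for a non-admin caller, an attempted change to the admin field, a non-delegated command, and a non-delegated table.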
Examples
lib/TWiki/UI/MdrepoUI.pm :
...
if ( $cmdSpec && $table ) {
if ( $mdrepo->{opts}{$table} =~ /b/ ) {
if ( $session->{mdrepo}{cont}{$table} ) {
- $output = &{$cmdSpec->[0]}($session, $table, $recId, \%rec);
+ my $cUID = $session->{user};
+ my $result;
+ unless (
+ $session->security->checkAccessPermission('CHANGE', $cUID)
+ # super admin is allowed mdrepo operations regardless
+ ) {
+ my $mapping = $session->{users}->_getMapping($session->{user});
+ $result = 'permission denied';
+ if ( $mapping && $mapping->can('mdrepoOpAllowed') ) {
+ $result = $mapping->mdrepoOpAllowed(
+ $cUID, $cmdName, $table, $recId, \%rec);
+ # mdrepoOpAllow() returns '' if the operation is
+ # allowed. Otherwise, returns the reason of not
+ # allowing
+ }
+ }
+ if ( $result ) {
+ $output = $result;
+ }
+ else {
+ $output = &{$cmdSpec->[0]}(session, $table, $recId, \%rec);
+ }
}
...
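Review bot: the call in the final else branch passes the bareword session instead of $session, so the handler no longer receives the session object that the removed line passed; it should read &{$cmdSpec->[0]}($session, $table, $recId, \%rec). Two smaller points in the same hunk: the comment names mdrepoOpAllow() while the method is mdrepoOpAllowed(), and the _getMapping() call repeats $session->{user} where $cUID is already in scope. $cmdName is not defined in the lines shown, so confirm it is set before this block. Defaulting $result to 'permission denied' before the can() check is the right order, since a mapping without the method then denies non-admin users.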
Impact
Implementation
--
Contributors:
Hideyo Imazu - 2015-02-18
Discussion
Looks like a needed enhancement for large sites.
--
Peter Thoeny - 2015-02-18