Skip to content
  • Hugh Davenport's avatar
    Fix permissions of group area (Bug #1034180) · f5cebdef
    Hugh Davenport authored
    
    
    A user should not be able to view/publish an artefact if
    - they don't have view/publish permission of that artefact
    - they don't have view permission of all parents of that artefact
    
    A user should not be able to edit an artefact if
    - they don't have edit permission of that artefact
    - they don't have edit permission of the immediate parent of that artefact
    - they don't have view permission of any parents below the immediate
    
    This is similar to the UNIX permissions, you shouldn't be able to view
    a directory unless all directories below have read (r) and executeable (x)
    bits set. The same for editing, you need write (w) permissions of the
    immediate parent, and rx for all parents.
    
    In Mahara, there are no executeable bits, but it can be assumed
    that view is basically the same as rw for container artefacts, and the same
    as r for non container artefacts.
    
    Change-Id: I4f84aca05dd08d02b05fbe084e4724f78c8681a0
    Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
    f5cebdef