Make it possible not to allow anyone to edit Diffusion identities.
Make it possible not to allow anyone to view other users' email addresses.
Closes T15443
Differential D25450
Add Diffusion policy capability "Can Edit and View Identities" aklapper on Oct 26 2023, 19:30. Authored by Tags None Referenced Files
Details
Make it possible not to allow anyone to edit Diffusion identities. Closes T15443
Diff Detail
Event TimelineComment Actions Note that this patch does NOT default to admin as proposed in T15443#9918 as I could imagine confusion by overwriting that value on existing installations. Happy to adjust though... Comment Actions Maybe add some doc - the view and edit actions being lumped together are because it would be a larger change to split out that functionality right now, correct? In general I’m not familiar with the upgrade/migration of policies and what needs considered. E.g this policy doesn’t exist today at all (or, the value for the application is hardcoded) and so a database migration wouldn’t be necessary. After this change lands the selected policy would exist in the database somewhere - if we do eventually split the view and edit policy into separate policies would that require a database migration? Comment Actions Create, view, and edit are lumped together because I do not see a use case to split them. (In which situations do average users usually want to see/browse Diffusion identities?)
That also my understanding; similar past changes like rP7ed35123a347a05c70c97eba2bec2b36eb2b3218 did not require database handling.
I do not know either what a potential future split would imply. I'd like to see arguments why to split these policies further. |