[Bps-public-commit] jifty-plugin-recordhistory branch, master, updated. 0.04-6-gf94ab94

Shawn Moore sartak at bestpractical.com
Thu Feb 24 17:40:51 EST 2011


The branch, master has been updated
       via  f94ab94f3c6f0420db62c7866e3b6b58121d6393 (commit)
      from  a759e672d14d92da763bb9488a07b7a4204cbab7 (commit)

Summary of changes:
 lib/Jifty/Plugin/RecordHistory.pm |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

- Log -----------------------------------------------------------------
commit f94ab94f3c6f0420db62c7866e3b6b58121d6393
Author: Shawn M Moore <sartak at bestpractical.com>
Date:   Thu Feb 24 17:40:39 2011 -0500

    Document that we create changes as the superuser

diff --git a/lib/Jifty/Plugin/RecordHistory.pm b/lib/Jifty/Plugin/RecordHistory.pm
index fe6fe08..fa31991 100644
--- a/lib/Jifty/Plugin/RecordHistory.pm
+++ b/lib/Jifty/Plugin/RecordHistory.pm
@@ -99,6 +99,12 @@ delete changes and their change fields. If you want more fine-grained control
 over this, you can implement a C<current_user_can_for_change> method in your
 record class which, if present, we will use instead of this logic.
 
+When we create a Change record, we do it as the superuser because if by
+updating a record the ordinary user loses access to update the record, then
+they will get a permission error when we go to create the corresponding
+Change. So not only does that change not end up in the record's history, but
+also Jifty complains permission denied to the user directly.
+
 =head1 SEE ALSO
 
 L<Jifty::Plugin::ActorMetadata>

-----------------------------------------------------------------------



More information about the Bps-public-commit mailing list