[Bps-public-commit] jifty-plugin-recordhistory branch, master, updated. 0.04-6-gf94ab94
Shawn Moore
sartak at bestpractical.com
Thu Feb 24 17:40:51 EST 2011
The branch, master has been updated
via f94ab94f3c6f0420db62c7866e3b6b58121d6393 (commit)
from a759e672d14d92da763bb9488a07b7a4204cbab7 (commit)
Summary of changes:
lib/Jifty/Plugin/RecordHistory.pm | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
- Log -----------------------------------------------------------------
commit f94ab94f3c6f0420db62c7866e3b6b58121d6393
Author: Shawn M Moore <sartak at bestpractical.com>
Date: Thu Feb 24 17:40:39 2011 -0500
Document that we create changes as the superuser
diff --git a/lib/Jifty/Plugin/RecordHistory.pm b/lib/Jifty/Plugin/RecordHistory.pm
index fe6fe08..fa31991 100644
--- a/lib/Jifty/Plugin/RecordHistory.pm
+++ b/lib/Jifty/Plugin/RecordHistory.pm
@@ -99,6 +99,12 @@ delete changes and their change fields. If you want more fine-grained control
over this, you can implement a C<current_user_can_for_change> method in your
record class which, if present, we will use instead of this logic.
+When we create a Change record, we do it as the superuser because if by
+updating a record the ordinary user loses access to update the record, then
+they will get a permission error when we go to create the corresponding
+Change. So not only does that change not end up in the record's history, but
+also Jifty complains permission denied to the user directly.
+
=head1 SEE ALSO
L<Jifty::Plugin::ActorMetadata>
-----------------------------------------------------------------------
More information about the Bps-public-commit
mailing list