#4069 Restrict ACLs that make projects private

unreleased
review
nobody
General
2012-11-28
2012-04-17
No

We have a neighborhood flag `private_projects` that determines whether neighborhood admins can create a project as private. However, currently after registering a project a project admin can change their 'read' permission to not allow `*anonymous`. That makes the project private.

We should only allow that ACL change (removing anonymous read) within neighborhoods that allow private projects and by neighborhood admins (so it matches the restrictions at project creation time). Otherwise show an error message if attempted.

Related

Tickets: #4069
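
A sketch of the rule the description asks for, as an added example (not Allura's own code): the `ACE` model, the function names, the error texts, and the "first matching entry wins" evaluation order are assumptions made for illustration. It compares effective anonymous read access before and after the edit, so a change that masks the ALLOW entry with a DENY is caught as well as one that deletes it.

```python
from dataclasses import dataclass

ANONYMOUS = "*anonymous"  # role name as written in the ticket


@dataclass(frozen=True)
class ACE:
    """One access-control entry (hypothetical model, not Allura's class)."""
    access: str       # "ALLOW" or "DENY"
    role: str
    permission: str


class ACLChangeDenied(Exception):
    """Raised so the caller can show an error message to the user."""


def anonymous_can_read(acl):
    """Assumed semantics: first matching entry wins, no match means no access."""
    for ace in acl:
        if ace.role == ANONYMOUS and ace.permission == "read":
            return ace.access == "ALLOW"
    return False


def check_acl_change(old_acl, new_acl, private_projects, is_nbhd_admin):
    """Reject a change that takes away anonymous read unless the neighborhood
    allows private projects AND the actor is a neighborhood admin."""
    makes_private = anonymous_can_read(old_acl) and not anonymous_can_read(new_acl)
    if not makes_private:
        return  # also covers edits to a project that was already private
    if not private_projects:
        raise ACLChangeDenied("This neighborhood does not allow private projects.")
    if not is_nbhd_admin:
        raise ACLChangeDenied("Only a neighborhood admin can remove anonymous read.")


# Constructed sample ACLs
PUBLIC = [ACE("ALLOW", ANONYMOUS, "read"), ACE("ALLOW", "Admin", "admin")]
REMOVED = [ACE("ALLOW", "Admin", "admin")]             # ALLOW entry deleted
SHADOWED = [ACE("DENY", ANONYMOUS, "read")] + PUBLIC   # ALLOW kept but masked


def allowed(old, new, private_projects, is_nbhd_admin):
    """True if the change passes the check, False if it would be rejected."""
    try:
        check_acl_change(old, new, private_projects, is_nbhd_admin)
        return True
    except ACLChangeDenied:
        return False
```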

Discussion

  • Chris Tsai - 2012-06-11

    We should probably also figure out how many/which projects have flipped that and send them a note that we're flipping it back.

     
  • Dave Brondsema - 2012-08-23
    • labels: --> 42cc, support
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,3 +1,3 @@
    -We have a neighborhood flag that determines whether neighborhood admins can create a project as private.  However, any individual project admin can change their 'read' permission to not allow `*anonymous`.  That makes the project private.  We should only allow that ACL change within neighborhoods that allow private projects.  Otherwise show an error saying anonymous read cannot be removed.
    +We have a neighborhood flag `private_projects` that determines whether neighborhood admins can create a project as private.  However, currently after registering a project a project admin can change their 'read' permission to not allow `*anonymous`.  That makes the project private.
    
    -To do: we should still have a way for site admins (higher level than neighborhood admin, which isn't really defined yet) to make a project private.
    +We should only allow that ACL change (removing anonymous read) within neighborhoods that allow private projects and by neighborhood admins (so it matches the restrictions at project creation time).  Otherwise show an error message if attempted.
    
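    Review bot: The removed "To do" line about site admins (a level above neighborhood admin) has no counterpart in the added text, so the description no longer says whether anyone above neighborhood admin can make a project private; carry that case into the new second paragraph or note that it is tracked elsewhere. The added "show an error message if attempted" is also less specific than the removed "an error saying anonymous read cannot be removed"; keeping the concrete wording would make the expected behaviour testable.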
     
  • Yaroslav Luzin - 2012-08-28
    • status: open --> in-progress
     
  • Yaroslav Luzin - 2012-08-28

    created #156: [#4069] Restrict ACLs that make projects private (1cp)

     

    Related

    Tickets: #4069

  • Yaroslav Luzin - 2012-08-30

    closed #156, branch - 42cc_4069

    • status: in-progress --> code-review
     
  • Dave Brondsema - 2012-10-05
    • qa: Dave Brondsema
     
  • Chris Tsai - 2012-11-28
    • labels: 42cc, support --> 42cc, support, p3