Home » Download » Modules » Flag » Issues

[API] Possibility to skip user permission check

mooffie - October 12, 2008 - 15:28
Project:Flag
Version:6.x-1.x-dev
Component:Code
Category:feature request
Priority:normal
Assigned:Unassigned
Status:closed
Description

Our API should have the ability to flag an item, on behalf of a user, even if the this user doesn't have permission to use this flag.

AttachmentSize
skip_perm_check.diff1.27 KB
» Login or register to post comments

#1

mooffie - October 12, 2008 - 15:50

The #320276: Respect flag defaults on node/add forms regardless of permission issue describes one use case for this feature.

Login or register to post comments

#2

mooffie - October 12, 2008 - 15:52

Another reason to have this feature: security.

It's ironic, but in not having this feature we may drive some programmers into doing some unsecure things (e.g. switching to the 'admin' account because cron.php runs as anonymous).

Login or register to post comments

#3

quicksketch - October 13, 2008 - 03:35
Status:needs review» reviewed & tested by the community

Looks good to me.

Login or register to post comments

#4

mooffie - October 16, 2008 - 16:16
Status:reviewed & tested by the community» fixed

Committed.

Login or register to post comments

#5

Anonymous (not verified) - October 30, 2008 - 16:21
Status:fixed» closed

Automatically closed -- issue fixed for two weeks with no activity.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.