Change default of auth.roles.editor to ROLE_USER (allowing everyone to use the editor)
#1203
Labels
area:auth
Authentication and Authorization
changelog:breaking
Breaking changes
kind:improvement
next-breaking-change
Things that should be released with the next breaking-change release
status:blocked
Blocked by something else
Milestone
Comments
LukasKalbertodt
added
kind:improvement
status:blocked
|
Quick question mainly for my understanding: This would allow everyone to see (and use) the editor
Correct? |
|
Yes, but the second point is redundant as users have write-access to their own videos. (At least unless taken away somehow, but that's super rare). So the statement can be shortened to: "This would allow everyone to see (and use) the editor for videos they have write-access to." |
LukasKalbertodt
added
the
next-breaking-change
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The editor button is only shown for events that the user has write access to. So unlike the permissions for Studio and the uploader, there are other pre-conditions and generally, the risk of users abusing this power is a lot lower. Again: they had to be given write access to an event first.
There are very few reasons to disable the editor for users. For example, if there are custom workflows that don't work with the editor, or if users are supposed to use some other software for editing videos. On the other hand, having the editor button not show up for users with write access to a video can cause lots of confusion. So I think changing the default is a good idea.
Unfortunately, there is still one main reason to disable the editor: #600. So this issue is blocked by #600 and we should only change the default once we can make sure the auth works all the time.
The text was updated successfully, but these errors were encountered: