Editing someone's profile photo?!

Is it a security problem that I can edit someone else's profile photo?

Can there be a rule set up to prevent other users changing other people's profile data?

  • http://www.wagn.org/wagn/John_Abbe

    Double click photo to upload different image.

    Status:
    acknowledged

  • You can now make a rule such as image+*right+*update, add the user's name, and only they will be able to edit their +image card. I don't know yet if there's a way to have Wagn automatically do that for each user, with their name. --John Abbe

    fwiw, the rule should actually be on *self not *right for this workaround -- efm.


    Having wagn set the permission automatically on user cards is VERY important in my opinion. Perhaps through an owner role which points to the card creator?

    If users can modify each others details, the implementations of wagn remain very limited.

      --cviz.....Thu Oct 20 16:53:21 -0700 2011


    hi cviz, there isn't a super simple way to do this yet, but we recognize that this is an important user story, and 95% of the work has been done to get us there.

     

    The primary focus of Wagn 1.7 was to setting-ize permissions, meaning to make the permissions system use our set/settings pattern. This was a major project, and the data migration was the biggest in our history.

     

    Now that it is possible (and scalable) to assign permissions to individuals (and not just groups/roles as before), it should be a much smaller step to have permissions default to a given individual.

     

    My temptation is to do something very close to the owner role that you mention, but rather than having a separate *role* per se, to make "creator" a value that you can choose on any permissions rule. This preserves the useful distinction of a role as an absolute user set, and it obviates the need for a separate owner interface.

     

    Does anyone see a major downside to this solution?

      --Ethan McCutchen.....Tue Oct 25 11:33:41 -0700 2011


    I see a downside, Self. You can't transfer creatorship, which means if you wanted to move permissions to someone else you might have to change multiple permissions settings. That's the key value the "owner" abstraction offers.

      --Ethan McCutchen.....Fri Mar 23 23:24:49 +0000 2012
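
An added example, not part of the thread and not Wagn code: a small Python model of the options discussed above (the open default, a per-card rule naming the user, "creator" as a rule value, and a transferable "owner"). The tokens `*anyone`, `*creator` and `*owner`, and the names `Card`, `may_update` and `who_can_update`, are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed tokens for this model only; they are not Wagn identifiers.
ANYONE = "*anyone"    # any signed-in user
CREATOR = "*creator"  # whoever created the card
OWNER = "*owner"      # the card's transferable owner

@dataclass
class Card:
    name: str
    creator: str  # set once at creation, never changes
    owner: str    # hypothetical attribute that can be reassigned

def may_update(user, card, rules, default):
    """A rule keyed on the card's own name wins; otherwise the default applies."""
    allowed = rules.get(card.name, default)
    resolved = set()
    for party in allowed:
        if party == CREATOR:
            resolved.add(card.creator)
        elif party == OWNER:
            resolved.add(card.owner)
        else:
            resolved.add(party)
    return ANYONE in resolved or user in resolved

def who_can_update(users, card, rules, default):
    return sorted(u for u in users if may_update(u, card, rules, default))

def demo():
    users = ["alice", "bob", "carol"]  # constructed sample users
    photo = Card("alice+image", creator="alice", owner="alice")
    results = {}
    # 1. The reported problem: the default lets any user update the photo.
    results["open"] = who_can_update(users, photo, {}, {ANYONE})
    # 2. The workaround: a per-card rule that names the user.
    results["per_card"] = who_can_update(users, photo, {"alice+image": {"alice"}}, {ANYONE})
    # 3. "creator" as a rule value: one default rule covers every card.
    results["creator"] = who_can_update(users, photo, {}, {CREATOR})
    # 4. Handing the card to carol: creator cannot change, owner can.
    photo.owner = "carol"
    results["creator_after_handover"] = who_can_update(users, photo, {}, {CREATOR})
    results["owner_after_handover"] = who_can_update(users, photo, {}, {OWNER})
    return results

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(case, allowed)
```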
