[Cosmo-dev] Re: securing access to items in multiple collections
Randy Letness
randy at osafoundation.org
Thu Sep 27 17:49:40 PDT 2007
Morgen Sagen wrote:
> Since the user has read-write access to the item, shouldn't they be
> able to modify it and put it in different collections? I thought the
> problem was when they subscribed with a read-only ticket and then
> copied an item from that collection to another they *do* have write
> access to.
>
Right, but the problem now is that because the read-write ticket isn't
included in morse-code publish/update requests, cosmo doesn't know if
the user really has write access to the item. It is technically
possible to turn a read-only ticket into a read-write ticket.
-Randy