There is a standard process used to backfill permissions. See e.g. SAK-21332. The same process is documented in a number of postings aimed at administrators. Unfortunately there's a serious problem with it.
The process puts the requested permission into all realms except !site.helper. This interacts badly with the standard permissions edit widget. That widget removes realm permissions when the same permission is inherited from !site.helper or !user.template.
E.g. set assignment2.read and assignment2.submit for Student in !user.template and all normal site realms. Now go into the permissions dialog in assignment2. For Student it will show read and submit as checked, but not selectable. That's because their presence in !user.template causes the permission to be inherited. If you then do Submit in the permissions tool, any read or submit permissions set for the realm will be removed. Unfortunately the assignment 2 tool itself doesn't check !user.template, so student scores will no longer show.
This is arguably a bug in assignment2. But if !user.template is inherited in the same way as !site.helper, I believe the standard backfill SQL should omit !user.template in the same way as !site.helper.
I'm not sure quite what you should do about this report. But at the very least I'd like to see future database upgrade scripts modified to not put the permission in !user.template.
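The backfill change proposed above, as an added example that is not part of the original report or of Sakai's own scripts: a backfill query that skips both !site.helper and !user.template and adds nothing when re-run. The schema is a simplified stand-in modeled on Sakai's realm tables (table and column names are assumptions), and the realms, roles and grants are constructed sample data.

```python
import sqlite3

# Simplified stand-ins for Sakai's realm tables (names and columns are assumptions).
SCHEMA = """
CREATE TABLE SAKAI_REALM (REALM_KEY INTEGER PRIMARY KEY, REALM_ID TEXT UNIQUE);
CREATE TABLE SAKAI_REALM_ROLE (ROLE_KEY INTEGER PRIMARY KEY, ROLE_NAME TEXT UNIQUE);
CREATE TABLE SAKAI_REALM_FUNCTION (FUNCTION_KEY INTEGER PRIMARY KEY, FUNCTION_NAME TEXT UNIQUE);
CREATE TABLE SAKAI_REALM_RL_FN (REALM_KEY INT, ROLE_KEY INT, FUNCTION_KEY INT,
                                PRIMARY KEY (REALM_KEY, ROLE_KEY, FUNCTION_KEY));
"""

# Grant :fn to :role in every realm that already uses the role, except the two
# realms permissions are inherited from, and except where the grant exists.
BACKFILL = """
INSERT INTO SAKAI_REALM_RL_FN (REALM_KEY, ROLE_KEY, FUNCTION_KEY)
SELECT DISTINCT rf.REALM_KEY, rf.ROLE_KEY, f.FUNCTION_KEY
FROM SAKAI_REALM_RL_FN rf
JOIN SAKAI_REALM r ON r.REALM_KEY = rf.REALM_KEY
JOIN SAKAI_REALM_ROLE ro ON ro.ROLE_KEY = rf.ROLE_KEY
JOIN SAKAI_REALM_FUNCTION f ON f.FUNCTION_NAME = :fn
WHERE ro.ROLE_NAME = :role
  AND r.REALM_ID NOT IN ('!site.helper', '!user.template')
  AND NOT EXISTS (SELECT 1 FROM SAKAI_REALM_RL_FN x WHERE x.REALM_KEY = rf.REALM_KEY
                  AND x.ROLE_KEY = rf.ROLE_KEY AND x.FUNCTION_KEY = f.FUNCTION_KEY)
"""

def backfill(conn, role, fn):
    """Register the function if needed, run the backfill, return grants added."""
    conn.execute("INSERT OR IGNORE INTO SAKAI_REALM_FUNCTION (FUNCTION_NAME) VALUES (?)", (fn,))
    before = conn.total_changes
    conn.execute(BACKFILL, {"role": role, "fn": fn})
    return conn.total_changes - before

def realms_with(conn, fn):
    sql = ("SELECT DISTINCT r.REALM_ID FROM SAKAI_REALM_RL_FN JOIN SAKAI_REALM r USING (REALM_KEY) "
           "JOIN SAKAI_REALM_FUNCTION f USING (FUNCTION_KEY) WHERE f.FUNCTION_NAME = ? ORDER BY 1")
    return [row[0] for row in conn.execute(sql, (fn,))]

def demo():
    # Constructed sample data; keys are assigned 1, 2, ... in insertion order.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + """
        INSERT INTO SAKAI_REALM (REALM_ID) VALUES ('!site.helper'), ('!user.template'), ('/site/bio101'), ('/site/chem200');
        INSERT INTO SAKAI_REALM_ROLE (ROLE_NAME) VALUES ('Student'), ('Instructor');
        INSERT INTO SAKAI_REALM_FUNCTION (FUNCTION_NAME) VALUES ('site.visit');
        INSERT INTO SAKAI_REALM_RL_FN VALUES (1, 1, 1), (2, 1, 1), (3, 1, 1), (4, 1, 1), (4, 2, 1);
    """)
    first = backfill(conn, "Student", "assignment2.read")
    second = backfill(conn, "Student", "assignment2.read")  # re-run of the same backfill
    return first, second, realms_with(conn, "assignment2.read")
```

Because Student already has a grant in all four realms, only the explicit NOT IN clause keeps assignment2.read out of the two template realms.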
Can someone please review and mark this JIRA as tested so we can merge it?
Sam Ottenhoff May 16, 2013 at 12:39 PM
Review would be much appreciated.
Trunk r124168
Added a readme with an explanation of a backfill script and an example.
Aaron Zeckoski May 16, 2013 at 9:47 AM
Suggested approach to fix this is to remove user.template changes from existing scripts. Add a README or something like that to the location of the SCRIPTS with some best practices. Maybe add a sample backfill script.
Matthew Buckett April 22, 2013 at 8:52 AM
The problem of the permission helper dropping permissions when they are inherited is fixed under SAK-6361.