Uploaded image for project: 'Play SQL'
  1. PLAYSQL-135

Permissions to restrict editing of spreadsheets

    Details

    • Type: New Feature
    • Status: Closed
    • Resolution: Resolved
    • Affects Version/s: None
    • Fix Version/s: 2.11
    • Component/s: None
    • Labels:
      None
    • Sprint:

      Description

      Companies often need to manage spreadsheets of info (e.g. inventory, customer lists), and having this info in PlaySQL Spreadsheets would be ideal. However there are two major problems:

      1. anyone with 'Create page' permission can edit a spreadsheet
      2. there is no tracking of what changes were made
        Problem #2 might be acceptable if permissions could be locked down to trusted users.

      Result

      I thought it would be complicated to use a different database user/password, but it is not, so I've implemented this part. It will be possible to override permissions at a space level:

      • For each permission (VIEW/EDIT/Structure/ADMIN), it is possible to either extend the space permissions or require another group.
      • For each permission, it is possible to specify a database user.
      • If you are using a JNDI connection, please use C3P0 instead of DBCP. The JNDI datasource is declared in the file server.xml. Our documentation has been updated from a DBCP example to a C3P0 example - See Declaring JNDI datasources for Confluence. The reason is, C3P0 allows using a JNDI datasource and overriding the user/password each time we connect with a different user, and that was not possible with DBCP.

      There are the following drawbacks:

      • Permissions aren't inherited. You must define them for VIEW, EDIT, Structure, ADMIN, even if they use the same settings.

        Attachments

          Activity

            People

            • Assignee:
              playsql Adrien Ragot (Play SQL / CYO)
              Reporter:
              jturner Jeff Turner
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: