
en - Re: [sympa-users] Listmaster inherits all list owner permissions in Scenari

Subject: The mailing list for listmasters using Sympa

  • From: "Roger B.A. Klorese" <address@concealed>
  • To: Chris Peck <address@concealed>, Steve Shipway <address@concealed>
  • Cc: address@concealed
  • Subject: Re: [sympa-users] Listmaster inherits all list owner permissions in Scenari
  • Date: Sun, 27 Jul 2014 15:31:14 -0700

Please make this configurable for the site or robot. It is our policy that our senior administrative staff must be able to post to every list we host.

On 7/24/14, 7:22 PM, Chris Peck wrote:

I agree. It's a simple change and makes sense. I've never been bitten by this, but with the expansion of giving list master privileges here to others, I like this idea.

On Jul 24, 2014 10:08 PM, "Steve Shipway" <address@concealed> wrote:

In the current 6.1.19 Sympa, it seems that Listmasters will automatically inherit Owner permissions for all lists whenever a Scenario is evaluated.

 

This produced the unfortunate side effect that, if you are a listmaster, you can post to any list that allows an owner to post to it, even if you are not the list owner or member.  Therefore, lists to which you would have expected to have your postings moderated will allow you to post without problem.  This is causing us some headaches with people bypassing moderation on highly-sensitive lists unintentionally.

 

The reason for this is in Scenario.pm, function verify(), around line 889.  The scenario is evaluated, and is_owner (and is_editor) are checked by calling $list->am_i with parameters ‘owner’ and the user email.  The am_i function (in List.pm) grants Listmasters Owner and Editor rights to everything unless in ‘strict’ mode.

 

I would suggest that the calls to am_i should pass the ‘strict’ parameter.  If you want Listmasters to have the rights automatically, you can always  put ‘is_listmaster([sender]) smtp,dkim,smime do_it’ into your scenario or into include.send.header if you prefer.

 

Thus, we would change this:

 

                if ($list2->am_i('owner', $arg)) {

 

to this:

 

                if ($list2->am_i('owner', $arg,{strict=>1})) {

 

and similarly for the ‘editor’ check a few lines later.

 

Since (I don’t believe) the current behaviour of is_owner and is_editor is documented in the Sympa documentation, I think that it should be changed to the more intuitive ‘strict’ behaviour.

 

Does anyone have any comments?  Else I’ll log this as a feature request to the tracker.

 

Steve

 

Steve Shipway

University of Auckland

UNIX Systems Design Team Lead

address@concealed

+64 (9) 3737 599 ext 86487
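
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Sympa source code: a simplified Perl model of first-match scenario evaluation comparing the non-strict owner check, the strict one, and a scenario with an explicit is_listmaster rule. The am_i() here is a stand-in that models only what the thread describes; evaluate(), the rule tables, the list name and the addresses are all constructed for illustration.

```perl
#!/usr/bin/perl
# Simplified model for illustration only; this is NOT Sympa's Scenario.pm or List.pm.
use strict;
use warnings;

# Constructed sample data: one listmaster, one list with a single real owner.
my %LISTMASTERS = map { $_ => 1 } ('admin@example.org');
my %OWNERS      = ('secure-list' => { 'owner@example.org' => 1 });

# Stand-in for the am_i() behaviour described in the thread: a listmaster
# passes the role check on every list unless the caller asks for strict mode.
sub am_i {
    my ($list, $role, $who, $opt) = @_;
    return 1 if !($opt && $opt->{strict}) && $LISTMASTERS{$who};
    return $role eq 'owner' && $OWNERS{$list}{$who} ? 1 : 0;
}

# Hypothetical evaluator: each rule is [condition => action] and the first
# rule whose condition holds decides what happens to the message.
sub evaluate {
    my ($rules, $list, $sender, $strict) = @_;
    my %cond = (
        is_owner      => sub { am_i($list, 'owner', $sender, { strict => $strict }) },
        is_listmaster => sub { $LISTMASTERS{$sender} ? 1 : 0 },
        true          => sub { 1 },
    );
    for my $rule (@$rules) {
        my ($name, $action) = @$rule;
        return $action if $cond{$name}->();
    }
    return 'reject';
}

# Owners post directly, everyone else goes to the moderators.
my @moderated = ([is_owner => 'do_it'], [true => 'editorkey']);
# Same list, but the site opts in to listmaster posting with an explicit rule.
my @explicit  = ([is_listmaster => 'do_it'], @moderated);

for my $case (
    ['non-strict owner check',           \@moderated, 0],
    ['strict owner check',               \@moderated, 1],
    ['strict + explicit listmaster rule', \@explicit,  1],
) {
    my ($label, $rules, $strict) = @$case;
    printf "%-36s listmaster post -> %s\n", $label,
        evaluate($rules, 'secure-list', 'admin@example.org', $strict);
}
```

The third case corresponds to a site whose policy requires listmasters to post everywhere: the privilege is then visible in the scenario itself rather than implied by the owner check.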

 




