ninewise
commented
10 years ago I think this was my doing, but isn't that what we want? I'd think you be able to edit registrations for an event, if you can edit the event, itself.
Open TomNaessens opened 10 years ago
ninewise
commented
10 years ago I think this was my doing, but isn't that what we want? I'd think you be able to edit registrations for an event, if you can edit the event, itself.
TomNaessens
commented
10 years ago For now, yes. But in the future we might to have people who can only edit registrations without being able to edit the event details. Another example is the destroy action for a registration, people who can manage the event can delete registrations, but we might add a feature where certain people are responsible for the details and other people for the registrations (eventpraeses vs. treasurer for example).
Sometimes, we check an authorization for an event while we are cruding a registration. This poses no security issue yet as we don't have a fine grained security (praesidium can do everything) but could pose problems in the future.