security model

[GoogleCodeExporter]

what access to editors and authors need and how do we deal with permissions?

author group and editor group should do the trick.

authors should only have access (read/update) to their stories, editors should 
have access 
(read/update) to any story.

we decided that let's deprioritize this for now until we get more feedback 
about the workflow of the 
existing system and people start using playing with it to see what kind of 
permissions model we 
need or what the permissions requirement really is.

Original issue reported on code.google.com by mand...@gmail.com on 22 May 2009 at 7:04

[GoogleCodeExporter]

<yml> johnetynan: could you please reformulate the requirements for this 
iteration ?
<yml> that I could paste it into the ticket
<johnetynan> sure.
<johnetynan> authors can only view/edit their own stories
<mandric> johnetynan:  so profiles will not be tied to affiliates then for June 
8?
<johnetynan> editors can edit/view any stories
<yml> and editor is just a goup called "Editors", right ?
<johnetynan> yml: yes

Original comment by yann.ma...@gmail.com on 26 May 2009 at 5:40