Logged Out
Create an Account
Login:
Password:

Forgot your password?
Calendar permissions

Calendar permissions
[Back to Index]  [Bottom of Thread]
Thread Tags
Primary: [Suggestions]
Secondary: None
I think the calendar needs a finer grain access control. Right now the permissions are such that you grant both event creation and signup approval through the "schedule" privilege. So if I want my members to be able to make their own events for 5-man dungeon crawls they inherently get the power to approve/disapprove signups for my 25-man raid. I'd like to see better control over this scenario so the general member cannot muck with the high end raid signups. Some possible solutions:

1) Restrict approval to the person who created the event.
2) Create a customizable category system with associated security privs.
3) Create a second system privilege that allows schedule approval. (Note that this introduces another problem: what if joe-member creates an event that requires approval, but joe-member can't approve? oops.)

Solution #1 is my preferred option.
Interesting.... I like.

--
It's all in the reflexes.
There a couple of different social engineering problems that go along with this and should be considered in whatever path you take.

1) People who don't know what they're doing and accidentally screw stuff up.
2) People who know what they're doing and are being malicious.
3) People who are on power trips and try to assert control over events that were organized by someone else.

Thankfully I've not seen #2 yet, but I've seen 1 and 3 in two different guilds on dkpsystem. For 2 and 3 (people intentionally doing stuff), it's difficult to fix: the instigators can simply overwrite your approval fixes after the fact.

Until I come up with a way to reach through the tubes that are the intarwebs and smack arbitrary people, all I can do is request fine grained access.
Ultimately, I'd probably treat it like I treat the Gallery permissions:

1) The Admins can and will change or authorize anything.
2) The Non-Admins can only change and only authorize for their own created events

--
It's all in the reflexes.
That would be perfect.


[Back to Index]  [Top of Thread]