Page 1 of 1
Improving the editor: business logic for permissions
Posted: Sat Nov 10, 2012 1:22 am
by MisterMooCow
Has there been a major change to the API that the editors use (with the demise of cartouche_old)?
I'm really annoyed at no longer being able to "work around" permission issues by using cartouche_old, so I'm contemplating a deep-dive into the WME javascript to come up with another workaround. Assuming they're still implementing the permissions business logic in the editor (and allowing essentially a free-for-all at the raw web services interface), it should be possible to come up with a more intelligent permissions mechanism using an extension.
Anyone looked into this?
On the other hand, I'm just about to cross 200K edits-- is that still the threshold for loosening the shackles?
Re: Improving the editor: business logic for permissions
Posted: Mon Nov 12, 2012 1:23 am
by AlanOfTheBerg
bgodette wrote:jhfrontz wrote:Then why was it possible to circumvent that in cartouche_old?
Because it was a different backend.
And whether the code which is doing different permissions checking now is part of something in the webserver or within the database, we don't know and it doesn't really matter. Permissions are taken care of server side and there's little we could do from the browser side except make things more restrictive. Which, ultimately, could be easily circumvented with userscripts.
Re: Improving the editor: business logic for permissions
Posted: Sun Nov 11, 2012 5:55 pm
by bgodette
jhfrontz wrote:Anyone looked into this?
Modifications are verified server side, and have been ever since Papyrus was been around in 2009, that's why you get save errors.
Re: Improving the editor: business logic for permissions
Posted: Sun Nov 11, 2012 10:46 pm
by bgodette
jhfrontz wrote:Then why was it possible to circumvent that in cartouche_old?
Because it was a different backend.
Re: Re: Improving the editor: business logic for permissions
Posted: Sun Nov 11, 2012 8:57 pm
by Kuhlkatz
jhfrontz wrote:
Then why was it possible to circumvent that in cartouche_old?
Maybe the different URLs should provide a hint that they likely made use of different Web server back end interfaces.
I thought the whole idea of the level locks were to STOP editors from changing whatever they shouldn't.
I'm not expecting you to get much traction here or much help from Waze to try and circumvent their locking mechanism.
Re: Improving the editor: business logic for permissions
Posted: Sun Nov 11, 2012 7:39 pm
by MisterMooCow
bgodette wrote:jhfrontz wrote:Anyone looked into this?
Modifications are verified server side, and have been ever since Papyrus was been around in 2009, that's why you get save errors.
Then why was it possible to circumvent that in cartouche_old?