Improving the editor: business logic for permissions

Improving the editor: business logic for permissions

Quote

by MisterMooCow Sat Nov 10, 2012 1:22 am

Has there been a major change to the API that the editors use (with the demise of cartouche_old)?

I'm really annoyed at no longer being able to "work around" permission issues by using cartouche_old, so I'm contemplating a deep-dive into the WME javascript to come up with another workaround. Assuming they're still implementing the permissions business logic in the editor (and allowing essentially a free-for-all at the raw web services interface), it should be possible to come up with a more intelligent permissions mechanism using an extension.

Anyone looked into this?

On the other hand, I'm just about to cross 200K edits-- is that still the threshold for loosening the shackles?

MisterMooCow: Posts: 314; Has thanked: 23 times; Been thanked: 17 times

Quote

Re: Improving the editor: business logic for permissions

Quote

by AlanOfTheBerg Mon Nov 12, 2012 1:23 am

bgodette wrote:
jhfrontz wrote:Then why was it possible to circumvent that in cartouche_old?
Because it was a different backend.

And whether the code which is doing different permissions checking now is part of something in the webserver or within the database, we don't know and it doesn't really matter. Permissions are taken care of server side and there's little we could do from the browser side except make things more restrictive. Which, ultimately, could be easily circumvented with userscripts.

AlanOfTheBerg: EmeritusChamps; Posts: 23627; Has thanked: 568 times; Been thanked: 3479 times

Wiki Resources: Map Editing Manual | alanoftheberg@gmail.com
Oregon-based US Ex-Global Champ Editor | iPhone13Pro - VZ

Quote

Re: Improving the editor: business logic for permissions

Quote

by bgodette Sun Nov 11, 2012 5:55 pm

jhfrontz wrote:Anyone looked into this?

Modifications are verified server side, and have been ever since Papyrus was been around in 2009, that's why you get save errors.

bgodette: Waze Global Champs; Posts: 3441; Has thanked: 27 times; Been thanked: 257 times

https://badges.fuelly.com/images/smallsig-us/236784.png

Quote

Re: Improving the editor: business logic for permissions

Quote

by bgodette Sun Nov 11, 2012 10:46 pm

jhfrontz wrote:Then why was it possible to circumvent that in cartouche_old?

Because it was a different backend.

bgodette: Waze Global Champs; Posts: 3441; Has thanked: 27 times; Been thanked: 257 times

https://badges.fuelly.com/images/smallsig-us/236784.png

Quote

Re: Re: Improving the editor: business logic for permissions

Quote

by Kuhlkatz Sun Nov 11, 2012 8:57 pm

jhfrontz wrote: Then why was it possible to circumvent that in cartouche_old?

Maybe the different URLs should provide a hint that they likely made use of different Web server back end interfaces.

I thought the whole idea of the level locks were to STOP editors from changing whatever they shouldn't.
I'm not expecting you to get much traction here or much help from Waze to try and circumvent their locking mechanism.

Kuhlkatz: Waze Local Champs; Posts: 917; Has thanked: 32 times; Been thanked: 146 times

Carel Cornelius
AM : Centurion & Sandton, ZA
CM & Coordinator, South Africa
(HTC One, Android 5.0.2, v7.19.401.51)
[img]https:///DwNb3R[/img]
South African Wiki Waze Wiki Map Editing

Quote

Re: Improving the editor: business logic for permissions

Quote

by MisterMooCow Sun Nov 11, 2012 7:39 pm

bgodette wrote:
jhfrontz wrote:Anyone looked into this?
Modifications are verified server side, and have been ever since Papyrus was been around in 2009, that's why you get save errors.

Then why was it possible to circumvent that in cartouche_old?

MisterMooCow: Posts: 314; Has thanked: 23 times; Been thanked: 17 times

Quote

Post Reply

6 posts • Page 1 of 1