Menu
▾
▴
Re: [phpesp-dev] soma changes
|
From: Franky V. L. <lie...@te...> - 2008-03-30 21:20:08
|
On Sun, 30 Mar 2008 16:13:14 -0400 Bishop Bettini <ph...@id...> wrote: > > Well, it's completely controlable: only the superuser can do the > > update. If you're able to update the files on the webserver, I think > > you can be trusted to do the db updates as well, no? And a good > > admin never gives out the superuser password to somebody else :) > > I'm not sure I was clear. The super user account has access to > survey-oriented functionality that's unavailable to survey > designers. That implies that the super-user still maintains surveys, > just of a higher caliber. With the addition of this change, that > person is now also responsible/able to upgrade the application. > > In some circumstances, great; it's needed. But in others, it's a > separated concern that now has no separation. My usage falls into > the latter category. I maintain the software and the server, but a > client manages the surveys (deleting, cross-tabulating, etc.): I > would not want the client upgrading the software willy-nilly. I understand your concern, but most applications act alike (almost all CMS's as well): there is a superuser that does the update. Maybe here the "superuser" is in fact "application administrator". In that case, we can always create a new user that has - so to say - DB admin rights (DB maintanance). But for the transition period (where people upgrade, this is a bit difficult ... > > Wether you do them via web or manually, that's exactly the same. > > And there are no inputs from the user requested: because of the xml > > method, the update goes completely transparant, no matter which > > version you came from (the same goes for the prefix updates that > > are now possible). > > There _is_ a user input: initiate the upgrade. In my usage, I don't > want the super user initiating an upgrade. Sure, I can one off the > code, but it seems to me the ability to upgrade should be a > capability that can be assigned. Correct, but as always: when you do an update, you alert the admin of the application (just in case), not? But anyway, the DB admin right should be assignable ... > > I invite you to try it out first, before going into more details. > > (I tried a 2.0.2 update: worked fine. I tried a fresh install: > > worked fine). > > I'll certainly try it out. :) great, let me know what you like about it :) Franky |
