How to avoid extrernal users to create events in all the categories

We realized that yesterday someone created a set of events in a public category.
I just checked that the “Restricted event creation” proprietry was disabled so I set it enabled in order to avoid the user to create more events but he can pick another category number randomly and do it again.

  1. “Restricted event creation” = true means that only the managers can create events. Is it right?
  2. Is there a way to set the value to true to all the categories? We want to give the possibility only to staff members set as managers to create events.
    I attache the log file
    Alberto Nardella
    indico.log.gz (407.6 KB)

This script may be useful for you… except for the group part you can use most of it as-is.

I had completely forgotten this feature (everyone can create an event).
Is it still useful these days?
(I guess it was, in the very beginning when InDiCo or CDS-agenda users :wink: had to be approved manually before they could gain acces to the system.) A system which needs wide-open event-creation permissions today would probably base its user registry on an existing LDAP or OAuth instance.

I would like to propose to remove the possibility to create events for unauthentified users completely.

Unauthenticated guests cannot create events. But any logged-in user can. I think the most logical change would be to default to restricted event creation on the root category - IIRC. we copy this setting when creating subcategories, so this would lead to a more secure default on any new installation.

1 Like