Closed GoogleCodeExporter closed 9 years ago
By changing has_page_add_permission to the below it fixes the issue. It allows you to get to the edit form and save the content after which the permissions will be checked again. So even though it might let a user attempt to add say a page above the parent page for which he/she has permission it is still safe. The code could probably be made a little smarter to also parse the position but IMO this is not needed and might be quite complicated.
from pages import settings  # the pages app settings module that defines PAGE_PERMISSION


def has_page_add_permission(request, page=None):
    """Return true if the current user has permission to add a new page.

    :param page: not used
    """
    if not settings.PAGE_PERMISSION:
        return True
    else:
        from pages.models import PagePermission
        permission = PagePermission.objects.get_page_id_list(request.user)
        if permission == "All":
            return True
        # Page id taken from the ?target= query parameter of the add request
        target = request.GET.get('target', None)
        if target is not None:
            try:
                target = int(target)
                if target in permission:
                    return True
            except ValueError:
                # Non-numeric target: fall through and deny
                pass
    return False
Original comment by jacques....@gmail.com
on 4 Sep 2009 at 11:42
I committed your changes in revision 688. Thanks for your contribution.
Original comment by batiste....@gmail.com
on 15 Sep 2009 at 7:58
Original comment by batiste....@gmail.com
on 15 Sep 2009 at 8:58
Original issue reported on code.google.com by
jacques....@gmail.com
on 4 Sep 2009 at 11:22