sleepy909 / cpassman

Automatically exported from code.google.com/p/cpassman

Read only limited user can still delete existing items #271

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create user
2. Make user read-only
3. Create folder x
4. Create role a
5. Give role a no permission to edit items
6. Give role access to folder x
7. Put user in role a
8. Create simple item in folder x
9. Log in with new limited user
10. Access new item
11. Try deleting - unable to delete - correct behaviour
12. Add new item
13. ######   re-select first item ###########
14. ###### try deleting again - able to delete - incorrect behaviour ####

What is the expected output? What do you see instead?
Users should NOT be able to delete an existing item but are strangely able to do so
after adding a new item.

What version of the product are you using?
2.1.7

On what operating system? With what Browser (IEx, FFx, ...)
Windows 7 with IE9

Please provide any additional information below.
Am testing all edge cases before considering use in production.

Original issue reported on code.google.com by linhqt...@gmail.com on 3 Jun 2012 at 12:02

GoogleCodeExporter commented 8 years ago
Am using LDAP for user authentication if that helps.
Setup on CentOS 6.2 with nginx and fastcgi (php)

Original comment by linhqt...@gmail.com on 3 Jun 2012 at 12:04

GoogleCodeExporter commented 8 years ago
I toggled allowing the role to edit and then back off again and the behaviour 
is now correct.

User now (correctly) cannot add an item and cannot delete existing.

Original comment by linhqt...@gmail.com on 3 Jun 2012 at 12:09

GoogleCodeExporter commented 8 years ago
Just went through the open issues list and noticed this is the same as #206.
The issue is back and I do not understand why.

The user is part of a role that has the option to NOT allow editing of 
passwords yet the user can after adding one themselves and then going back to 
another item.

I was just writing up some company documentation for its use, but this bug is
a massive deal breaker. Any chance of an ETA for a fix?

Original comment by linhqt...@gmail.com on 4 Jun 2012 at 1:44

GoogleCodeExporter commented 8 years ago
Hello,

First, I apologize for being late to answer you...

OK, by reading your history, I've seen you managed to fix that.
For information, I've checked in the source code. A ReadOnly user technically can't
create any Item. This kind of account is associated with a specific constant that
is checked before the query.

Concerning #206, you're right... this is a big issue that is still open.
I didn't see it!

So I've corrected it in the next version, 2.1.8.

Nils

Original comment by nils.cpa...@gmail.com on 10 Jun 2012 at 9:02

GoogleCodeExporter commented 8 years ago
This is great news, thanks for the update :)

Original comment by linhqt...@gmail.com on 10 Jun 2012 at 1:03