 

Tikiwiki-devel (mailman list mirror)


File gallery edit permission [from SF.net SVN: tikiwiki:[58043] branches/15.x/templates/tiki-list_file_gallery.tpl]



sorry, meant to send to dev list

Hi all

Just had a client query why the edit file gallery menu item is showing for people who can't edit, and when I looked into it I remembered seeing it before and leaving it because we don't have a specific edit_file_gallery perm, and in edit_file_gallery.tpl it checks for create_file_gallery (or ownership of a user filegal).

Does this seem ok to everyone? Or has it been like that for so long we shouldn't change it?

I would have thought that admin_file_gallery would be a more suitable perm to test for editing, as the page certainly looks like an admin page, with stuff about regex and default wiki markup etc (as does the client).

But before backporting it to 14.x I thought I'd ask and see if we can improve this for 15.0?

Or should we add edit_file_gallery now? (before 15.0 beta, but a bit late really)

Thoughts?

TIA

jonny



> On 21 Mar 2016, at 12:55, jonnybradley at users.sourceforge.net wrote:
>
> Revision: 58043
> http://sourceforge.net/p/tikiwiki/code/58043
> Author: jonnybradley
> Date: 2016-03-21 12:55:52 +0000 (Mon, 21 Mar 2016)
> Log Message:
> -----------
> FIX filegals: Use the same logic for whether a user can edit or browse this gallery as used in the edit_file_gallery.tpl
>
> Modified Paths:
> --------------
> branches/15.x/templates/tiki-list_file_gallery.tpl
>
> Modified: branches/15.x/templates/tiki-list_file_gallery.tpl
> =============
> --- branches/15.x/templates/tiki-list_file_gallery.tpl 2016-03-21 12:49:17 UTC (rev 58042)
> +++ branches/15.x/templates/tiki-list_file_gallery.tpl 2016-03-21 12:55:52 UTC (rev 58043)
> @@ -59,9 +59,11 @@

> </li> > <li class="divider"></li>

> \{if $edit_mode neq 'y' or $dup_mode neq 'y'\}

> - <li>

> - <a href="tiki-list_file_gallery.php?edit_mode=1&galleryId=\{$galleryId}">{icon name="edit"} {tr}Edit{/tr\}</a>

> - </li>

> + \{if $tiki_p_create_file_galleries eq 'y' or (not empty($user) and $user eq $gal_info.user and $gal_info.type eq 'user' and $tiki_p_userfiles eq 'y')\}

> + <li>

> + <a href="tiki-list_file_gallery.php?edit_mode=1&galleryId=\{$galleryId}">{icon name="edit"} {tr}Edit{/tr\}</a>

> + </li>

> + \{/if\}
> \{/if\}
> \{if $tiki_p_create_file_galleries eq 'y' and $dup_mode ne 'y' and $gal_info.type neq 'user'\}

> <li>
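
Review bot: the new `{if $tiki_p_create_file_galleries eq 'y' or (...)}` wrapper around the Edit item only hides the link, so make sure the handler behind `tiki-list_file_gallery.php?edit_mode=1` applies the same test on the request itself. Computing that test once in PHP and assigning it to the template as a single flag would also avoid repeating the long owner clause here, in the second hunk and in edit_file_gallery.tpl. Separately, the enclosing context line `{if $edit_mode neq 'y' or $dup_mode neq 'y'}` is true unless both modes are 'y' at once; if the intent is to hide Edit while in either mode, it should use `and`.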

> @@ -131,7 +133,7 @@
> \{if $tiki_p_create_file_galleries eq 'y' and $edit_mode ne 'y'\}
> \{button _keepall='y' _icon_name="create" _type="link" _text="{tr}Create{/tr}" edit_mode=1 parentId=$galleryId cookietab=1\}
> \{/if\}
> - \{if $tiki_p_admin_file_galleries eq 'y' or ($user eq $gal_info.user and $gal_info.type eq 'user' and $tiki_p_userfiles)\}
> + \{if $tiki_p_admin_file_galleries eq 'y' or (not empty($user) and $user eq $gal_info.user and $gal_info.type eq 'user' and $tiki_p_userfiles eq 'y')\}
> \{if $edit_mode eq 'y' or $dup_mode eq 'y'\}
> \{button _keepall='y' _icon_name="view" _text="{tr}Browse{/tr}" galleryId=$galleryId\}
> \{/if\}
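
Review bot: the Browse button's outer test on the changed line still starts with `$tiki_p_admin_file_galleries`, while the Edit item in the first hunk is gated on `$tiki_p_create_file_galleries`, so a non-owner with the create permission but not the admin one is offered Edit and then gets no Browse button once in edit mode. The log message says edit and browse should use the same logic, so pick one permission for both. The added `not empty($user)` and the explicit `$tiki_p_userfiles eq 'y'` tighten the owner clause; a short template comment saying why the empty-user guard is there would help the next reader.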
>
> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
>


___
TikiWiki-devel mailing list
TikiWiki-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel


Hello Jonny,

Monday, March 21, 2016, 2:10:33 PM, you wrote:


> Just had a client query why the edit file gallery menu item is
> showing for people who can't edit, and when I looked into it I
> remembered seeing it before and leaving it because we don't have a
> specific edit_file_gallery perm, and in edit_file_gallery.tpl it
> checks for create_file_gallery (or ownership of a user filegal).

> Does this seem ok to everyone? Or has it been like that for so long we shouldn't change it?

Looks like a bug to me.

There is a similar one with categories.
If you assign "view categs in a list" to anonymous, anonymous can see the "Organize Entries" link at the top of a category page (/catxx-somename).
Clicking it gives an error though, as expected.

Cheers,
Oliver



