You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently feed update requires Manage portal permission. I created a user just for updating the feed, and it seems overkill for this user to have Manage permission. Wouldn't it be better to reduce this to Add portal content?
The text was updated successfully, but these errors were encountered:
will respect the local roles/permissions
so (correct me if I am wrong) the feed harvest user only has to have local rights on that feed folder
and the mega_update view could (in my theory) be only protected by zope.view
I have updated the code to use different permissions. Adding feed items has always required the feedfeeder: Add permission, so you need at least that for updating feeds. I have added feedfeeder: Update feed for updating a single feed. The action is protected by that permission now. I have also added feedfeeder: Update all feeds as separate permission for calling the mega update. By default all three permissions are given to Manager and Site Administrator. You can change that in your own setup.
Note that updating a feed probably fails if you have the update permission but do not have the add permission.
@cleder: The unrestrictedTraverse in the mega update code actually means that the permission needed for calling @@update_feed_items on that folder are not checked at all. The View permission on mega update would then be wrong. You probably do run into errors further on when the code actually tries to add an item.
Currently feed update requires Manage portal permission. I created a user just for updating the feed, and it seems overkill for this user to have Manage permission. Wouldn't it be better to reduce this to Add portal content?
The text was updated successfully, but these errors were encountered: