Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should layoutedit tab be available to editors as well? #855

Closed
idgserpro opened this issue Apr 22, 2019 · 4 comments
Closed

Should layoutedit tab be available to editors as well? #855

idgserpro opened this issue Apr 22, 2019 · 4 comments
Labels
enhancement question

Comments

@idgserpro
Copy link
Member

In old collective.cover versions, default permissions were used for the layout tab, like Modify portal content. As defined by https://docs.plone.org/develop/plone/security/standard_permissions.html:

cmf.ModifyPortalContent (Modify portal content)
used to control write access to content items;

Editor, aka Can edit,
confers the right to edit content. As a rule of thumb, the Editor role should have the Modify portal content permission if the Owner roles does.

Since this commit d0d5f47#diff-930769023798c0b6ea6a070619d60f17 and the creation of specific permissions, the rolemap now only gives these permissions to Manager and Site Administrator.

Is this the intended behavior now, or this commit missed to put the Editor in Can Edit Layout?

I know this is really old @mauritsvanrees, but would you be able to answer it? We're upgrading some old installations and this would be nice to know so we can see if this needs to be a change in collective.cover and not a local policy configuration.
@mauritsvanrees
Copy link
Member

This is intended behavior:

  • Editors should only be able to add and edit tiles.
  • Only Managers and Site Administrators should be able to define the layout: rows and columns.

(I am not sure from the top of my head where the exact split is between what we allow editors to do and what Managers, but the above would be the rough idea.)

@idgserpro
Copy link
Member Author

I just thought that adding Site Administrator to just edit some specific content is too much. I know that from a logic perspective editors should only add and edit tiles, but the edit functionality in a cover is actually almost useless. I see no harm in letting Editors define the layout since you can have multiple covers across the whole website. Should a new rolemap be added, perhaps?

@mauritsvanrees
Copy link
Member

This is the default. You can change it on individual sites if you want, either in a rolemap.xml in a site-specific package, or by clicking in the ZMI manage_access.

@mauritsvanrees
Copy link
Member

For clarity: there is harm, potentially anyway: Editors can mess up your site design and well-thought-out corporate identity if they can change the layout. Depending on who your editors are, you could allow this.

@idgserpro idgserpro mentioned this issue May 29, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mauritsvanrees @idgserpro