-
Notifications
You must be signed in to change notification settings - Fork 454
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check stack and global area permissions #7006
Comments
#7029 fixes this. |
I like the idea behind this – and I recognize it's a problem – but I don't know about some of the permissions here. Would it be better for us to just ignore area permissions entirely and use the permissions of the page that the stack comes from instead? |
Well, stacks are meant to be used in multiple pages, right? |
I don't mean the permissions of the page it's on – I mean instead of showing the area permissions when we click the permissions buttons – should we just show the page permissions, so those are the ones we're checking? |
And by page permissions, I mean the permissions for the page that exists in the sitemap for that particular stack. |
Yes, stacks are also pages. |
The problem is that stacks and global areas are both "pages" and "areas". We have 3 solutions:
Just tell me the solution you prefer, and I'd implement it (I need it asap). |
The tricky thing is that all the permissions we need currently exist – they are just split between pages and areas. I wonder if we shouldn't just bite the bullet and create a new Stack permission response, with stack permission keys. They would inherit their permissions from the page object by default, but if you overrode them on the stack you'd be able to determine who could edit the stack, and add the particular block types to them. Let's brainstorm what permissions we would need, and what those keys would be named. They would all be stack-specific. |
I just noticed another major issue (I just discovered it, the users didn't tell me that), strictly related to this. Let's assume we have these advanced permissions set: If I login as an editor, and edit a page (not a stack), the user is not able to add new blocks (the "Add blocks" dialog is empty): That's because this line always returns false. |
I'm going to close this issue, and reopen a new one with a more appropriate description. |
See #7086 |
When we check permissions of stacks and global areas, we should use the permission keys of the
area
category.BTW in the core we currently often permission keys of the
page
category.What does that imply?
Permission\Checker
instance as$cp = new Checker(Area::get($c, STACKS_AREA_NAME))
instead of$cp = new Checker($c)
$cp->canEditAreaContents()
instead of$cp->canEditPageContents()
).Here's the full list of
page
andarea
permission keys:add_subpage
approve_page_versions
delete_page
delete_page_versions
edit_page_contents
edit_area_contents
edit_page_multilingual_settings
edit_page_page_type
edit_page_permissions
edit_area_permissions
edit_page_properties
edit_area_properties
edit_page_speed_settings
edit_page_template
edit_page_theme
move_or_copy_page
preview_page_as_user
schedule_page_contents_guest_access
view_page
view_area
view_page_in_sitemap
view_page_versions
add_block_to_area
add_layout_to_area
add_stack_to_area
delete_area_contents
edit_area_design
So, If it's ok for the core team, I'd add these
area
permission keysadd_subarea
approve_area_versions
delete_area
delete_area_versions
view_area_versions
move_or_copy_area
edit_area_properties
and I'd update the code accordingly.
The text was updated successfully, but these errors were encountered: