Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

User with Add Permission unable to Add #1120

Closed
kvarun31 opened this Issue Dec 19, 2011 · 6 comments

Comments

Projects
None yet
5 participants

Started with fresh permission enabled djnango-cms in my local dev.

From SU admin panel added a new User (Page) (say: testuser) and granted him 'Add', 'Change', 'Delete' Permission on Page.

Go to global page permssion grant it 'can add, edit. delete, pubish moderate, etc'

Log out and Login as testuser.

You have no permission on this page (Expected: Page Link with ADD, and CHANGE enabled)

Re-Login as SU

Add new Page, and go to its Page Permission and explicitle add the 'testuser' Grant him permission on all "Page & Descendant".

Re-Login as testuser

Page Link appeared but only with 'Change' enabled (Add Not Enabled)

Go to Page, Now You can Add, Modify in that root page or Add Child, but you still can't delete any thing.

i'm new to Django-CMS, so please correct me, if this functionality is correct or i'm doing something wrong, Also What's the significant of 'DELETE' permission or 'can_delete' permission, if i'm not getting that enabled.

Contributor

kezabelle commented Dec 21, 2011

Verification: using the steps provided above, I can replicate the issue.

Needs looking into, or clarification on why it's occuring.

Contributor

kezabelle commented Dec 22, 2011

Alright. I think I've narrowed down the problem: the admin help_text for Global Page Permissions says, about which Sites a user can modify, 'If none selected, user haves granted permissions to all sites.', however, that's not true, because of has_page_add_permissions, where the GlobalPagePermission queryset filters out valid permissions which aren't in this site (sites__in=[site]). This is true of has_page_change_permissions too, though that query pops exists() on the end, which is a slightly saner result.

For the purposes of verification: Proceed with the ticket's outlined steps (to confirm the existance of the problem), then go and give the testuser access to sites explicitly. If @kvarun31 could confirm whether he had any sites selected, it would go a long way to confirming the problem area as the one I've described.

Yes Correct, i dint select any site, considering the same instruction 'If none selected, user haves granted permissions to all sites.' Thought it would give user the global permission to all the sites. But as you said it dint happen.

Later on, my co-worker selected the site and get that working.

@kezabelle kezabelle added a commit to kezabelle/django-cms that referenced this issue Dec 22, 2011

@kezabelle kezabelle working on fixing global page permissions for issue #1120
Introduces a new manager, to keep the Q objects in one place.
ee44d34

@kezabelle kezabelle added a commit to kezabelle/django-cms that referenced this issue Dec 27, 2011

@kezabelle kezabelle test case for #1120 d2bc61e
Member

digi604 commented Jan 30, 2014

Is this still the case with newest develop?

@digi604 digi604 added this to the 3.0 milestone Feb 10, 2014

@digi604 digi604 added the blocker label Feb 14, 2014

Contributor

johnraz commented Feb 23, 2014

For the record, with last develop, I followed the steps above and did not encounter any issue. Was able to add / edit / remove pages at will.

Edit:
By adding a new page, I had to manually add user permission through the superuser to make it visible to testuser...

Assigning the website in the global page permissions made it actually work... I'm not sure to get every aspect of this as of now, may need to dig a bit more to be fully sure. But I can confirm that assigning the website actually enable access while having the website unselected give you access to nothing.
So I think the issue @kezabelle pointed out is still in there somehow.

Contributor

yakky commented Feb 23, 2014

@johnraz , @digi604 I forward-ported #1128 in #2701, please check it

@yakky yakky self-assigned this Feb 28, 2014

@digi604 digi604 closed this in #2701 Mar 1, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment