Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Apphooks are removed if "Can change advanced settings" permission not given #988

Closed
mbaechtold opened this Issue · 1 comment

2 participants

@mbaechtold

I think this bug already existed in 2.1.x and still occurs in 2.2rc1.post2.

  • Set CMS_PERMISSION = True
  • Create a cms group with full page permissions (don't bother about User & Group permissions and Page permissions management)
  • Create a global permission (all default values except "Can change advanced settings" set to false) and choose the group created previously
  • Create a cms user with full page permissions and add the user to the group created previously

If there is a page with an app hook (i.e. created by a superuser or a user with "Can change advanced settings" permissions) and the restricted user from above changes this page, the app hook gets lost.

The field "Redirect" is removed too.

The fields "ID", "Login required" and "Menu visibilty" keep their values.

I haven't tested the field "Overwrite URL".

@ojii ojii referenced this issue from a commit in ojii/django-cms
@ojii ojii Added test for #988 e19e994
@ojii
Collaborator

it seems only overwrite url was special cased, but 'redirect' and 'application_urls' need the same treatment.

@ojii ojii closed this in 9a28283
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.