Skip to content

Loading…

Problems configuring user permissions #118

Open
mitar opened this Issue · 2 comments

3 participants

@mitar

I have problems configuring user permissions. I would like to allow users to add files to a folder and edit and delete their own files. For this I have configured such permissions for a group blogger:

Folder: 'Blog images (misc)'->this item and all children [can_read, can_add_children] [Group: bloggers]

But deleting does not work unless I add also general filer | file | Can delete file. But this means this user (group) have permissions to delete any file, not just those owner by her.

@mitar

Bump? Should I make a test case for this too?

@stefanfoulis
Divio AG member

ahh. I see the problem. Django calls user.has_perm('filer.delete_image') and user.has_perm('filer.delete_file') in django.contrib.admin.util.

This circumvents our usual custom permission logic. What we have to do is provide our own AuthenticationBackend to support this kind of permission checking.

But, as far as I can tell, there is also bug in django. It checks for the global permission instead of passing in the obj. It should be user.has_perm(p, obj) not user.has_perm(p).

@stefanfoulis stefanfoulis was assigned
@stefanfoulis stefanfoulis removed their assignment
@yakky yakky modified the milestone: 0.9.6, 0.9.4, 1.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.