Use package permissions to protect views instead of more general ones #120
Conversation
|
@pbauer thanks for creating this Pull Request and helping to improve Plone! TL;DR: Finish pushing changes, pass all other checks, then paste a comment: To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically. Happy hacking! |
|
Should we also change the rolemap-setup by adding |
|
@jenkins-plone-org please run jobs |
Yes! Sure. |
|
While implementing this I ran into something worth mentioning: The permissions were previously setup and assigned to during startup even when With this change a site in which plone.app.iterate is in the list of core-addons so the upgrade-step will be triggered by a plone-upgrade. |
|
@jenkins-plone-org please run jobs |
Branch: refs/heads/6.0.x Date: 2024-02-21T08:32:55+01:00 Author: Philip Bauer (pbauer) <bauer@starzel.de> Commit: plone/Products.CMFPlone@a8a38eb plone.app.iterate permissions now use rolemap. See plone/plone.app.iterate#120 Files changed: M Products/CMFPlone/tests/testSiteAdminRole.py Repository: Products.CMFPlone Branch: refs/heads/6.0.x Date: 2024-02-21T08:56:09+01:00 Author: Philip Bauer (pbauer) <bauer@starzel.de> Commit: plone/Products.CMFPlone@cca64cf add changenote Files changed: A news/3907.bugfix Repository: Products.CMFPlone Branch: refs/heads/6.0.x Date: 2024-02-21T15:05:01+01:00 Author: Jens W. Klein (jensens) <jk@kleinundpartner.at> Commit: plone/Products.CMFPlone@996b9da Merge pull request #3907 from plone/iterate_permissions_use_rolemap Iterate permissions use rolemap Files changed: A news/3907.bugfix M Products/CMFPlone/tests/testSiteAdminRole.py
Branch: refs/heads/master Date: 2024-02-21T16:47:10+01:00 Author: Philip Bauer (pbauer) <bauer@starzel.de> Commit: plone/Products.CMFPlone@255adbb plone.app.iterate permissions now use rolemap. See plone/plone.app.iterate#120 Files changed: M Products/CMFPlone/tests/testSiteAdminRole.py Repository: Products.CMFPlone Branch: refs/heads/master Date: 2024-02-21T16:47:25+01:00 Author: Philip Bauer (pbauer) <bauer@starzel.de> Commit: plone/Products.CMFPlone@72df670 add changenote Files changed: A news/3907.bugfix
This was previously part of #96
These permissions are so far only used in Volto via
plone.restapibut for some reason not in Classic-UI.We might also add checks for these permissions to the actions via
browser/control.py.