Update CTF to enforce per-item permissions #2880

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
4 participants
Contributor

hdrlab commented Feb 20, 2014

ComplexTableField_Item's edit() and delete() functions currently only check global permissions before executing either action. This patch calls the item's own canEdit()/canDelete() methods, to make sure that any fine-grained permissions are respected.

An example use case is assets management with per-file access permissions and with the DataObjectManager class installed (so that CTF is used).

Update CTF to enforce per-item permissions
ComplexTableField_Item's edit() and delete() functions currently only check global permissions before executing either action. This patch calls the item's own canEdit()/canDelete() methods, to make sure that any fine-grained permissions are respected. 

An example use case is assets management with per-file access permissions and with the DataObjectManager class installed (so that CTF is used).
Owner

chillu commented Feb 22, 2014

Makes sense. But can you please also fix this in the TableListField parent class? Also, would you mind adding some unit tests for this? edit/delete actions are currently not tested, but ComplexTableFieldTest and TableListFieldTest could give you some guidance on how to achieve this?

@simonwelsh simonwelsh added the 2.4 label Mar 15, 2014

Owner

halkyon commented Sep 25, 2014

No activity in a long time. Closing.

@halkyon halkyon closed this Sep 25, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment