#13 — Change the required permission from 'Modify portal content' to 'Add portal content'

by Dorneles Tremea — last modified Aug 04, 2010 04:22 PM

State	Resolved
Version:	1.0rc2
Area	Functionality
Issue type	Patch
Severity	Important
Submitted by	Dorneles Tremea
Submitted on	Aug 03, 2010
Responsible	Ramon Bartl
Target release:	1.0rc2

Return to tracker

Right now the docs suggest you to use an action protected by the 'Modify portal content':

...
   <property name="permissions">
    <element value="Modify portal content"/>
   </property>
...

I'd recommend to update this to require the real permission, which is 'Add portal content'.

There's some cases where you can't edit the folder properties, but you're allowed to add content to it (for instance, when you grant the Contributor local role to someone).

This also requires a change in the browser/configure.zcml file:

...
    
    <browser:page
        for=".interfaces.IUploadingCapable"
        name="upload"
        class=".upload.UploadView"
        permission="cmf.AddPortalContent"/>

    
    <browser:page
        for="*"
        name="upload_file"
        class=".upload.UploadFile"
        permission="cmf.AddPortalContent"/>

    
    <browser:page
        for="*"
        name="upload_initialize"
        class=".upload.UploadInitalize"
        permission="cmf.AddPortalContent"/>

Steps to reproduce:: On you own folder, grant the 'Contributor' role to another user. This user should be allowed to add content to your folder, even if he don't have the 'Modify portal content' permission, because he does have the 'Add portal content' one.

Added by Ramon Bartl on Aug 04, 2010 07:56 AM

Issue state: Unconfirmed → Confirmed

Responsible manager: (UNASSIGNED) → ramonski

Hi Dorneles,

you are right, I'll change that for 1.0rc3.

Thanks for reporting this issue

greets
ramonski

Added by Ramon Bartl on Aug 04, 2010 04:22 PM

Issue state: Confirmed → Resolved

fixed in r122851

No responses can be added.