#13 — Change the required permission from 'Modify portal content' to 'Add portal content'

State Resolved
Version: 1.0rc2
Area Functionality
Issue type Patch
Severity Important
Submitted by Dorneles Tremea
Submitted on Aug 03, 2010
Responsible Ramon Bartl
Target release: 1.0rc2
Right now the docs suggest you to use an action protected by the 'Modify portal content':

...
   <property name="permissions">
    <element value="Modify portal content"/>
   </property>
...

I'd recommend to update this to require the real permission, which is 'Add portal content'.

There's some cases where you can't edit the folder properties, but you're allowed to add content to it (for instance, when you grant the Contributor local role to someone).

This also requires a change in the browser/configure.zcml file:

...
    <!-- UPLOAD VIEW -->
    <browser:page
        for=".interfaces.IUploadingCapable"
        name="upload"
        class=".upload.UploadView"
        permission="cmf.AddPortalContent"/>

    <!-- UPLOAD FILE -->
    <browser:page
        for="*"
        name="upload_file"
        class=".upload.UploadFile"
        permission="cmf.AddPortalContent"/>

    <!-- UPLOAD JS INITIALIZATION -->
    <browser:page
        for="*"
        name="upload_initialize"
        class=".upload.UploadInitalize"
        permission="cmf.AddPortalContent"/>
Steps to reproduce:
On you own folder, grant the 'Contributor' role to another user. This user should be allowed to add content to your folder, even if he don't have the 'Modify portal content' permission, because he does have the 'Add portal content' one.
Added by Ramon Bartl on Aug 04, 2010 07:56 AM
Issue state: UnconfirmedConfirmed
Responsible manager: (UNASSIGNED)ramonski
Hi Dorneles,

you are right, I'll change that for 1.0rc3.

Thanks for reporting this issue

greets
ramonski
Added by Ramon Bartl on Aug 04, 2010 04:22 PM
Issue state: ConfirmedResolved
fixed in r122851

No responses can be added.