#110 — Contributor Role not sufficient to add blog content
by
Tom Lazar
—
last modified
Jan 08, 2009 04:02 PM
| State | Resolved |
|---|---|
| Version: | 1.6 |
| Area | Functionality |
| Issue type | Bug |
| Severity | Critical |
| Submitted by | Tom Lazar |
| Submitted on | Sep 22, 2007 |
| Responsible | Tim Hicks |
| Target release: | 1.6 |
Eventhough there is code in place that supposedly enables the Contributor Role, this is in fact not the case:
Unauthorized: Your user account does not have the required permission. Access to 'invokeFactory' of (Weblog at /quills/blog) denied. Your user account, tomster, exists at /quills/acl_users. Access requires one of the following roles: ['Manager', 'Owner']. Your roles in this context are ['Authenticated', 'Contributor', 'Editor', 'Member', u'Reader', u'Reviewer'].
This essentially makes a multi-user blog non-workable. multi-user handling is one of the key features of Quills, though...
Unauthorized: Your user account does not have the required permission. Access to 'invokeFactory' of (Weblog at /quills/blog) denied. Your user account, tomster, exists at /quills/acl_users. Access requires one of the following roles: ['Manager', 'Owner']. Your roles in this context are ['Authenticated', 'Contributor', 'Editor', 'Member', u'Reader', u'Reviewer'].
This essentially makes a multi-user blog non-workable. multi-user handling is one of the key features of Quills, though...
- Steps to reproduce:
- Added a test that reproduces this in
http://dev.plone.org/collective/changeset/49932
n.b. that test succeeds, if the role is set to Manager
Added by
Tom Lazar
on
Sep 23, 2007 12:12 AM
tim2p: it seems that `setupPortalSecurity` in Quills.permissions simply adds the Contributor role to the list of required roles to add weblog content, but that the actual permission to create content still requires Owner or Manager.
Responsible manager:
tomster
→
tim2p
this creates the absurd situation where we offer the user to create content eventhough he doesn't factually have sufficient privileges to do so.
In manual testing I couldn't grant a user with 'Contributor' role the right to add content via the 'sharing' tab (he did show to have the right to 'add content' but in fact it still raised the abovementioned error.)
any idea how to resolve this?
Added by
Tom Lazar
on
Sep 23, 2007 12:27 AM
strangely enough, when calling `Weblog.addEntry()` (which is protected by permissions.addContent) the Contributor role *is* sufficient (as demonstrated in the first lines of browser.rst and verified via pdb)
It seems it is only TTW that this issue arises.
Added by
Tom Lazar
on
Sep 23, 2007 01:04 AM
resolved with http://dev.plone.org/collective/changeset/49933
Issue state:
unconfirmed
→
resolved
No responses can be added.
If you can, please log in before submitting a reaction.