Hello,
I've installed MojoMojo-0.999041 from cpan

I created a new user via the registration, not an admin. I can limit the new
user's privileges to only editing his home page, but so far, no matter what
I've tried, he is still able to upload attachments to the root page.
According to what I see in the path_permissions table (only view_allowed)
this should not be the case.

suggestions welcome, thanks, and thanks for the software, it's pretty cool

Sean


--
View this message in context: http://n2.nabble.com/attachment-permissions-tp4048482p4048482.html
Sent from the mojomojo mailing list archive at Nabble.com.

  • Sean_ellis at Nov 24, 2009 at 4:50 am

    sean_ellis wrote:
    > I've installed MojoMojo-0.999041 from cpan
    >
    > I created a new user via the registration, not an admin. I can limit the
    > new user's privileges to only editing his home page, but so far, no matter
    > what I've tried, he is still able to upload attachments to the root page.
    > According to what I see in the path_permissions table (only view_allowed)
    > this should not be the case.

    Hi

    responding to my own post:

    after digging around I've come to the conclusion that the behaviour that I
    described above may be the default, and intentional

    I've managed to get what I wanted by wrapping the uploader display code in
    attachments.tt with a check for attachment privileges which seems to be
    working, so I'm happy

    Sean

    --
    View this message in context: http://n2.nabble.com/attachment-permissions-tp4048482p4055858.html
    Sent from the mojomojo mailing list archive at Nabble.com.
  • Marcus Ramberg at Nov 25, 2009 at 5:51 pm
    Uhm, I do not believe this is intentional behaviour. I'd accept a
    patch to make edit permissions be required for uploading attachments,
    provided it includes tests.

    With regards
    Marcus Ramberg
  • Sean_ellis at Nov 26, 2009 at 6:43 am

    Marcus Ramberg wrote:
    > Uhm, I do not believe this is intentional behaviour. I'd accept a
    > patch to make edit permissions be required for uploading attachments,
    > provided it includes tests.

    Ok, it hadn't seemed right. Delete attachment and insert was suppressed but a
    functioning upload button was still there.

    I mimicked some of the code from root/base/attachments/list.tt, that seems
    to work for me so far. Perhaps header.tt would be edited to remove reference
    to the swf javascript files on pages like this? and .. ?

    I'm not sure what you meant above by 'tests'. I'll do it if I'm able.
    Meanwhile I'll attach a diff to show what I did,

    thanks

    Sean

    Attachment: attach_perms_check (http://n2.nabble.com/file/n4069666/attach_perms_check)

    --
    View this message in context: http://n2.nabble.com/attachment-permissions-tp4048482p4069666.html
    Sent from the mojomojo mailing list archive at Nabble.com.
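
An added sketch, not MojoMojo's code and not part of any post above, of what the requested patch amounts to: the upload action itself checks edit permission on the server, and tests pin that behaviour down, so hiding the uploader in a template is not what decides the outcome. Assumptions: only `path_permissions` and `view_allowed` come from the thread; `edit_allowed`, the role names, the sample paths, `effective_perms`, `handle_upload` and the nearest-ancestor inheritance rule are hypothetical.

```perl
use strict;
use warnings;
use Test::More tests => 4;

# Constructed sample rows, loosely shaped like the path_permissions table in
# the thread. Only view_allowed is named there; edit_allowed is an assumed
# column name, and nearest-ancestor inheritance is an assumed rule.
my @rows = (
    { path => '/',     role => 'user', view_allowed => 1, edit_allowed => 0 },
    { path => '/sean', role => 'user', view_allowed => 1, edit_allowed => 1 },
);

# Return the rule for the closest ancestor of $path that has one for $role.
sub effective_perms {
    my ( $path, $role ) = @_;
    my @parts = grep { length } split m{/}, $path;
    while (1) {
        my $candidate = '/' . join( '/', @parts );
        for my $row (@rows) {
            return $row
              if $row->{path} eq $candidate && $row->{role} eq $role;
        }
        last unless @parts;
        pop @parts;
    }
    return { view_allowed => 0, edit_allowed => 0 };    # default deny
}

# Hypothetical upload handler: the decision is made on the server for every
# request, whether or not the template rendered an upload form.
sub handle_upload {
    my ( $role, $path ) = @_;
    return 403 unless effective_perms( $path, $role )->{edit_allowed};
    return 200;    # the attachment would be stored here
}

# Tests: a view-only user posting straight to the root page is refused.
is( handle_upload( 'user', '/' ), 403, 'view-only user cannot upload to root' );
is( handle_upload( 'user', '/sean' ), 200, 'user can upload to own home page' );
is( handle_upload( 'user', '/sean/notes' ), 200, 'subpage inherits the rule' );
is( handle_upload( 'anonymous', '/sean' ), 403, 'unknown role denied by default' );
```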

Discussion Overview
group: mojomojo
posted: Nov 23, '09 at 1:16a
active: Nov 26, '09 at 6:43a
posts: 4
users: 2
website: mojomojo.org
