Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix BlogPost canEdit permissions. #608

Closed
wants to merge 1 commit into from
Closed

Fix BlogPost canEdit permissions. #608

wants to merge 1 commit into from

Conversation

GuySartorelli
Copy link
Member

resolves #607
If permissions earlier in the inheritance chain fail, we should not allow users to edit posts.
If permissions earlier in the inheritance chain succeed, we should still go through the checks in this method.

@GuySartorelli
Fix canEdit permissions.
339053e 
If permissions earlier in the inheritance chain fail, we should not allow users to edit posts.
If permissions earlier in the inheritance chain succeed, we should still go through the checks in this method.
@GuySartorelli GuySartorelli reopened this May 22, 2020
@GuySartorelli
Copy link
Member Author

Had the wrong tab open, meant to close a different PR. Sorry.

@dhensby
Copy link
Contributor

dhensby commented May 23, 2020

The tests need updating to reflect the changes in logic

@GuySartorelli
Copy link
Member Author

Hey there.
It is starting to look to me as though the tests which are failing should be failing (e.g. BlogTest::testRoles, I think editor should be able to edit that post. The canEdit check seems to be failing up the chain in SilverStripe's checking somewhere, and I can't make heads nor tails of why that would be.

Perhaps we should take a slightly different approach (which is already taken by the Blog class), and do our class specific tests first - then, only if we don't want to explicitly allow the user to edit the post (i.e. they're not listed as an author or editor for the post nor the parent blog), we can kick checks back to the superclass.

@dhensby
Copy link
Contributor

dhensby commented Jun 17, 2020

It is starting to look to me as though the tests which are failing should be failing (e.g. BlogTest::testRoles, I think editor should be able to edit that post. The canEdit check seems to be failing up the chain in SilverStripe's checking somewhere, and I can't make heads nor tails of why that would be.

that's right, that's why the tests need updating, to reflect the new intended behaviour

@GuySartorelli
Copy link
Member Author

It is starting to look to me as though the tests which are failing should be failing (e.g. BlogTest::testRoles, I think editor should be able to edit that post. The canEdit check seems to be failing up the chain in SilverStripe's checking somewhere, and I can't make heads nor tails of why that would be.

that's right, that's why the tests need updating, to reflect the new intended behaviour

No, what I meant was that I think the tests as written are still correct, unless I have misunderstood the relationship between the test fixtures. Either I am misreading the fixtures, or my change has revealed a different issue. Either way I would appreciate someone taking a look and seeing what's going on.

@emteknetnz
Copy link
Member

@GuySartorelli are you still interested in this one? - note - it's targeting master

@GuySartorelli
Copy link
Member Author

Nope. It's something that should be fixed at some stage but I have no specific interest in diving into the tests to see what's going on there.
If someone else comes across this problem again and makes it known I might pick it up again but until then happy to close.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhensby dhensby dhensby approved these changes

Assignees
No one assigned
Labels
affects/v4 complexity/medium impact/medium type/enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Blog Post canEdit method allows some members to edit posts for which they are not an editor/author.
3 participants
@GuySartorelli @dhensby @emteknetnz