[MAGNOLIA-4060] Edit bar show on read only users Created: 13/Mar/12  Updated: 23/Mar/12  Resolved: 20/Mar/12

Status: Closed
Project: Magnolia
Component/s: templating
Affects Version/s: 4.5.1
Fix Version/s: 4.5.2

Type: Bug Priority: Major
Reporter: Eric Hechinger Assignee: Espen Jervidalo
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

I created a new User assigned to the Demo-project-publishers group. When loging in the admin central, the demo-project is mark as readonly (ok). When opening the demo-project, the edit bars are accessible (can open the component property or start to add a component). Once we try to save the modifications we got the following exception (Ok)

2012-03-13 14:44:14,624 ERROR nfo.magnolia.module.admininterface.SaveHandlerImpl: /demo-project/content/0/MetaData/mgnl:authorid: not allowed to add or modify item
javax.jcr.AccessDeniedException: /demo-project/content/0/MetaData/mgnl:authorid: not allowed to add or modify item

Edit bar should not appear on read-Only users!



 Comments   
Comment by Jan Haderka [ 14/Mar/12 ]

As a minimal solution, just disable edit icon for read-only access users.

Comment by Federico Grilli [ 14/Mar/12 ]

Alternatively, in info.magnolia.templating.elements.InitElement one could check if the current user has write permissions on the current content and, in case he/she has none, simply skip the inclusion of the PageEditor javascript which triggers the edit bars rendering.

Comment by Espen Jervidalo [ 20/Mar/12 ]

Added Permission check on areas and components. inspired by 4.4-Implementeation:

  • using Session.ACTION_SET_PROPERTY instead of Permission.SET
  • if permission not granted the comment is not rendered and the editbars skipped
Generated at Mon Feb 12 03:52:16 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.