Ticket #5117 (closed Bug: wontfix)

Opened 6 years ago

Last modified 3 years ago

plone 2.1 showEditableBorder shouldn't make things hard for anonymous-editable content

Reported by: simon Owned by: brcwhit
Priority: major Milestone: 2.1.3
Component: Infrastructure Keywords:
Cc:

Description (last modified by wichert) (diff)

This change: [6266] , explained in  http://plone.org/products/plone/roadmap/90 , unconditionally hides the edit controls from anonymous users. It seems to assume that anonymous-editable content is really rare, requiring a strange workaround in that situation. Surely that's a bad assumption ? I think the plone 2.0 behaviour is correct; if the permissions say so, then the object is editable.

Change History

comment:2 Changed 6 years ago by limi

  • Component changed from Unknown to Permissions
  • Milestone set to 2.1.2

Alec suggests:

"the edit permission check could be placed before the isAnon check, it will result in a pretty insignificant performance hit, and preserve the 2.0 behavior, plus allow this use case"

also:

"we can check the Add portal content permission check as well, though, we could put all the permission checks before isAnon, the really important thing is that that isAnon check happpens before the actions and types checks. The earlier it happens the better."

We should probably try to get this into 2.1.2. Should be benchmarked too, just to make sure it doesn't add any significant overhead.

comment:3 Changed 6 years ago by wichert

  • Description modified (diff)

comment:4 Changed 6 years ago by hannosch

  • Milestone changed from 2.1.2 to 2.1.x

Not enough time to fix it in 2.1.2. Should be dealt with right after 2.1.2 is out :)

comment:5 Changed 6 years ago by hannosch

  • Milestone changed from 2.5.x to 2.1.x

comment:6 Changed 6 years ago by brcwhit

  • Owner changed from somebody to brcwhit

comment:7 Changed 6 years ago by brcwhit

  • Status changed from new to closed
  • Resolution set to fixed

(In [9788]) fixes #5117. added permission checks for 'Modify portal content', 'Add portal content', 'Review portal content' before check for anonymous to allow for enabling anonymous editing via perms

comment:8 Changed 6 years ago by hannosch

  • Milestone changed from 2.1.x to 2.1.3

comment:9 Changed 6 years ago by aknoerig

  • Status changed from closed to reopened
  • Resolution fixed deleted

What about the case, where additional content view tabs just provide additional views on the content?

For instance, I have a Product content type and have several tabs to look at an Overview, Features, and Specs of the product. I don't want to grant additional rights to the user here, just to be able to display the tabs.

I think this might also be a frequent use case, and I have so far only found a dirty solution to make it work.

P.S. See also ticket  4882 for a previous discussion.

comment:10 Changed 6 years ago by hannosch

  • Status changed from reopened to closed
  • Resolution set to wontfix

As already discussed on the mentioned issue the editable border is semantically meant to highlight the fact that you have the possibility to edit in the current context.

If you define more than one anonymously available view you can either style these differently (for example with a CSS file which is applied based on permissions) or use the provided "top_slot" hook in your view templates to always enable the border. You are of course also free to just customize the script and change it to your needs. That's what customization is for ;)

comment:11 Changed 3 years ago by hannosch

  • Component changed from Permissions to Infrastructure
Note: See TracTickets for help on using tickets.