Ticket #8403 (closed Bug: fixed)
Portlets the user doesn't have permissions to add appear in the "add portlet" dropdown
| Reported by: | esteele | Owned by: | optilude |
|---|---|---|---|
| Priority: | minor | Milestone: | 3.3 |
| Component: | Infrastructure | Keywords: | |
| Cc: | | | |
Description
Because the collection and static portlets don't use the same permissions as those from plone.app.portlets, it's possible to get to the "manage portlets" view. Selecting either of those two from the "add portlet" dropdown throws an insufficient privileges message.
plone.app.portlets uses "Portlets: Manage Portlets", plone.portlet.collection uses "Add Collection Portlet", and plone.portlet.static uses "cmf.ManagePortal". Seems like the last should either use "manage portlets" or something less general.
Change History
comment:3 Changed 3 years ago by optilude
The user is not the owner of the dashboard's context - the dashboard's context is the Plone site root.
There's a custom permission for adding collection portlets (and, in Plone 3.3 with the bugfix that's about to come here, for static text portlets too). You can grant this to Member or whatever you want.

See also the related ticket #8409
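
The mismatch reported in this ticket, as an added example (not Plone code and not part of the ticket): a small Python model that audits which roles can reach the "manage portlets" view yet see dropdown entries they cannot add. The permission strings are the ones quoted above; the role grants, class and function names are constructed assumptions.

```python
from dataclasses import dataclass

# Permission guarding the "manage portlets" view, as quoted in the ticket.
MANAGE_VIEW_PERMISSION = "Portlets: Manage Portlets"


@dataclass(frozen=True)
class PortletType:
    name: str
    add_permission: str  # permission checked when the portlet is actually added


# Add permissions as described in the ticket.
PORTLET_TYPES = [
    PortletType("plone.app.portlets", "Portlets: Manage Portlets"),
    PortletType("plone.portlet.collection", "Add Collection Portlet"),
    PortletType("plone.portlet.static", "cmf.ManagePortal"),
]

# Constructed sample grants (assumption, not a real site's security settings).
ROLE_GRANTS = {
    "Manager": {"Portlets: Manage Portlets", "Add Collection Portlet", "cmf.ManagePortal"},
    "Editor": {"Portlets: Manage Portlets"},
    "Member": set(),
}


def unfiltered_dropdown(granted):
    """Reported behaviour: every type is listed once the view is reachable."""
    if MANAGE_VIEW_PERMISSION not in granted:
        return []
    return [p.name for p in PORTLET_TYPES]


def filtered_dropdown(granted):
    """Mitigation: list only types whose own add permission is granted."""
    if MANAGE_VIEW_PERMISSION not in granted:
        return []
    return [p.name for p in PORTLET_TYPES if p.add_permission in granted]


def dead_entries(role_grants):
    """Per role, entries that are shown but would fail with insufficient privileges."""
    report = {}
    for role, granted in role_grants.items():
        addable = set(filtered_dropdown(granted))
        missing = [n for n in unfiltered_dropdown(granted) if n not in addable]
        if missing:
            report[role] = missing
    return report


if __name__ == "__main__":
    for role, names in dead_entries(ROLE_GRANTS).items():
        print(f"{role}: listed but not addable -> {', '.join(names)}")
```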