Ticket #6629 (closed Bug: fixed)

Opened 7 years ago

Last modified 21 months ago

portlet_review footer needs to be smarter for non-managers

Reported by: whicks Owned by: piv
Priority: minor Milestone: 4.x
Component: General Version: 4.1
Keywords: Cc:

Description

The "Full Review List" link in the footer of the review portlet is useless to anyone who does not have review permissions at the portal root because of "string:${portal_url}/full_review_list". I would imagine there should be a conditional statement on the dd tag and that the link should reflect the current context, where a user might have permissions to review, and thus see the list.

Change History

comment:1 Changed 5 years ago by hannosch

  • Component changed from Workflow to Infrastructure

comment:2 Changed 2 years ago by ida

  • Status changed from new to confirmed
  • Version set to 4.1
  • Milestone changed from 3.3.x to 4.x

Still valid in plone-4.x, steps to reproduce:

  • create a folder and a user
  • give user local review-permissions on folder via sharing-tab
  • create an item in the folder and set state to pending
  • create a review-portlet on siteroot-level
  • login with user, see review-list-portlet, hit 'Full Review List'

-> Insufficient privileges

comment:3 Changed 22 months ago by davisagli

  • Component changed from Infrastructure to General

comment:4 Changed 21 months ago by piv

  • Owner set to piv
  • Status changed from confirmed to assigned

comment:5 Changed 21 months ago by piv

  • Status changed from assigned to closed
  • Resolution set to fixed

Applied the fix into plone.app.portlets 2.2 branch so it can be included within next 4.2.x bug fix releases:  https://github.com/plone/plone.app.portlets/commit/4eae973ecdc966d4d2b41f8009886bceb8cd253b

Note: See TracTickets for help on using tickets.