Item9048: Control saving topics, not just editing
Priority: Enhancement
Current State: Closed
Released In:
Target Release: n/a
From [foswiki-discuss]
Hello, I've implemented the
WorkflowPlugin with some success. However,
it seems that the
CommentPlugin and the
EditTablePlugin circumvent the
protections that the
WorkflowPlugin provides.
Has anyone been successful in modifying either the
CommentPlugin or the
EditTablePlugin to work with the
WorkflowPlugin authentication?
--
SeanLazar - 21 May 2010
By coincidence I was just making some mods to the
WorkflowPlugin, and
was reading that bit of code.
The problem is not with the
CommentPlugin or
EditTablePlugin per se -
it's with the
WorkflowPlugin. The "Allow Edit" column in the state table
restricts who can
edit the topic, not who can
save it.
The problem is that the change authorisation checks in that plugin are
only performed in the beforeEditHandler (and the
beforeAttachmentSaveHandler). Neither of these handlers are visited when
a topic is saved from the
CommentPlugin. For that, the
WorkflowPlugin
needs to implement the checks in a beforeSaveHandler, and indeed there
is (commented-out) code in the plugin to do exactly that.
--
CrawfordCurrie - 21 May 2010
Closed, pending upload to foswiki.org
--
CrawfordCurrie - 22 May 2010