[pLog-svn] r6569 - plog/branches/lifetype-1.2/class/action/admin

Jon Daley plogworld at jon.limedaley.com
Thu Jun 19 07:56:51 EDT 2008


 	Yeah, I figured it was being pretty picky, and probably not 
solvable, but I think we should leave the comment in there, so some day we 
might fix it.
 	The case I was talking about was not modifying articles in other 
blogs, but modifying articles in the same blog.  I think our permission 
system allows for a user to have post privileges, but not editing 
privileges, even of his own posts, but especially others' posts.

On Thu, 19 Jun 2008, Mark Wu wrote:

> According to our current permission mode, we cannot control this kind of
> case. It is too detailed.
>
> The only way to prevent this from happening is to implement a token-like
> mechanism inside saveDraft. The saveDraft is only valid with this specific token.
>
> But a user only adds blog users that he trusts, so how can a user update others'
> articles if he does not belong to the other blog's user list?
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>> Sent: Wednesday, June 18, 2008 10:00 PM
>> To: LifeType Developer List
>> Subject: Re: [pLog-svn] r6569 -
>> plog/branches/lifetype-1.2/class/action/admin
>>
>>  	Right, I know we need to let him update the post he
>> just added, but what about other posts - I expect he can edit
>> other posts, and the permission system would normally prevent
>> him from doing that, but I think he can bypass it by using
>> the draft update.  Is that incorrect?
>>
>> On Wed, 18 Jun 2008, mark at devel.lifetype.net wrote:
>>
>>> Author: mark
>>> Date: 2008-06-18 03:45:07 -0400 (Wed, 18 Jun 2008) New
>> Revision: 6569
>>>
>>> Modified:
>>>
>>>
>> plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleaja
>>> xaction.class.php
>>> Log:
>>> Yes, we should let user update his draft post, or this
>> function is useless.
>>>
>>> Modified:
>>>
>> plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleaja
>>> xaction.class.php
>>> ===================================================================
>>> ---
>> plog/branches/lifetype-1.2/class/action/admin/adminsavedraftar
>> ticleajaxaction.class.php	2008-06-18 07:43:49 UTC (rev 6568)
>>> +++
>> plog/branches/lifetype-1.2/class/action/admin/adminsavedraftar
>> ticleajaxaction.class.php	2008-06-18 07:45:07 UTC (rev 6569)
>>> @@ -53,8 +53,6 @@
>>>             // in case the post is already in the db
>>>             if( $this->_postId != "" ) {
>>>                 $article->setId( $this->_postId );
>>> -                    // TODO: can a user without the
>> update_post permission
>>> -                    // update using the savedraft method?
>>>                 $postSavedOk = $articles->updateArticle( $article );
>>>
>>>                 if( $postSavedOk )
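Review bot: Removing the TODO above `$articles->updateArticle( $article )` drops the only record of an open authorization question, and no check is visible in this hunk: nothing between `$article->setId( $this->_postId )` and the update verifies that the current user holds update_post or that the post with that id is a draft he created. Keep the comment until that is settled, or add a check before `updateArticle` that rejects a `_postId` the user could not edit through the normal edit action.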
>>> @@ -86,4 +84,4 @@
>>>             return true;
>>> 		}
>>>     }
>>> -?>
>>> \ No newline at end of file
>>> +?>
>>>
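Review bot: The end-of-file change at `?>` is unrelated to the log message and would be easier to track in its own commit. If the file holds only the class, consider dropping the closing `?>` entirely so that no trailing bytes after it can end up in the AJAX response.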
>>> _______________________________________________
>>> pLog-svn mailing list
>>> pLog-svn at devel.lifetype.net
>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>>
>> --
>> Jon Daley
>> http://jon.limedaley.com
>> ~~
>> Common sense is the collection of prejudices acquired by age 18.
>> -- Albert Einstein
>
>

-- 
Jon Daley
http://jon.limedaley.com
~~
What good is it for a man to gain the whole world, yet forfeit his soul?
-- Jesus Christ
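
The token-like mechanism Mark suggests, sketched as an added example (not LifeType code and not part of the original thread): the server issues a token when a draft is first created, bound to the user, blog and post id, and a later draft save on an existing post passes only with the update permission or that token. All function names, the lifetime constant and the sample values are assumptions.

```php
<?php
// Added example; every name here is hypothetical, not LifeType's API.
// A draft token binds one user to one post in one blog, so the save-draft
// endpoint can only update the post the editor session was opened for.

const DRAFT_TOKEN_TTL = 3600; // seconds a token stays valid (assumed value)

function issueDraftToken(string $secret, int $userId, int $blogId, int $postId, int $now): string
{
    $expires = $now + DRAFT_TOKEN_TTL;
    $mac = hash_hmac('sha256', "$userId|$blogId|$postId|$expires", $secret);
    return "$expires.$mac";
}

function checkDraftToken(string $secret, string $token, int $userId, int $blogId, int $postId, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // malformed token
    }
    [$expires, $mac] = $parts;
    if ((int)$expires < $now) {
        return false;                       // expired token
    }
    $expected = hash_hmac('sha256', "$userId|$blogId|$postId|$expires", $secret);
    return hash_equals($expected, $mac);    // constant-time comparison
}

// Decision the save-draft handler makes before it calls its update routine.
// $canUpdatePosts stands for the update_post permission named in the thread.
function maySaveDraft(bool $canUpdatePosts, bool $tokenOk, ?int $postId): bool
{
    if ($postId === null) {
        return true;    // first save creates a new draft; posting rights are checked elsewhere
    }
    return $canUpdatePosts || $tokenOk;
}

// Constructed sample values: user 7 has just created draft 42 in blog 1.
$secret = 'constructed-demo-secret';
$now    = 1213876611;
$token  = issueDraftToken($secret, 7, 1, 42, $now);

var_dump(maySaveDraft(false, checkDraftToken($secret, $token, 7, 1, 42, $now), 42)); // same user, same draft
var_dump(maySaveDraft(false, checkDraftToken($secret, $token, 7, 1, 99, $now), 99)); // same user, another post
var_dump(maySaveDraft(false, checkDraftToken($secret, $token, 8, 1, 42, $now), 42)); // another user, same draft
```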

