Posted by Anderson Santos |
|
In the admin it's possible to set a snip to staff members, but it seems there's no code to check this on wiki models:
    def __has_permission(self, user, pref, permission):
        if permission == None or permission <= -1: return True
        if user == None or not user.is_authenticated(): return False
        if user.is_superuser: return True
        if permission == 0: return True
        if permission == 1 and pref != None and pref.snip != None:
            if pref.snip.group.get_member(user) != None: return True
        return False

what the heck am I doing? |
|
Posted by Herbert Poul |
|
you're right .. i guess that it should actually say 'superusers' only .. not staff ..
what do you think would make more sense ? :) do you need the 'staff' option ? or would it be enough to have superusers ? Hey, we have Signatures !!! Great, isn't it ? ;) |
|
Posted by Anderson Santos |
|
Hello hello,
You are fast, as usual. In my case I added an is_staff condition because our website is public but the wiki is private, from the first to the last page =) what the heck am I doing? |
|
Posted by Herbert Poul |
|
well ...
i simply adopted it (probably similar to your change): Index: models.py =================================================================== --- models.py (revision 368) +++ models.py (working copy) @@ -237,8 +237,11 @@ if user == None or not user.is_authenticated(): return False - if user.is_superuser: return True + # Noone has permission .. + if permission >= 3: return False + if user.is_superuser or user.is_staff: return True + if permission == 0: return True if permission == 1 and pref != None and pref.snip != None: i also added a check if 'nobody' is allowed ... it is not really important to me, since the plan is to add role permissions to the wiki soon .. ;) (but it was obviously a bug.. thanks for reporting it) Hey, we have Signatures !!! Great, isn't it ? ;) |
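Review bot: in the added line `if user.is_superuser or user.is_staff: return True`, the staff test sits ahead of the `permission == 0` and `permission == 1` branches, so any staff account passes every level below 3, including the snip-group membership check at level 1, and no level can admit superusers while refusing staff. Consider keeping `if user.is_superuser: return True` on its own and granting `user.is_staff` only under the permission value that the admin's staff option maps to (that value is not visible in this hunk). Minor: the comment `# Noone has permission ..` should read "No one".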
|
Posted by Anderson Santos |
|
Hmmm, maybe it would be good to review the security options, which include one for "only staff" item. Anyway, we can have a situation where there are pages which only admin can edit, but I don't know if it's the case to set an Admin group or use the Django's Admin feature. What do you think? what the heck am I doing? |
|
Posted by Herbert Poul |
|
i'm not sure what you mean ? you need pages which are editable by admins, but not superusers ? Hey, we have Signatures !!! Great, isn't it ? ;) |
|
Posted by Anderson Santos |
|
No, by superusers but not by staff =) what the heck am I doing? |
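Added example, not part of the thread or the project's code: the check from the first post with the posted diff applied, run over a small access matrix to show which accounts pass at each permission value. `Group`, `make_user`, `access_matrix` and `superuser_only_levels` are hypothetical helpers, and the user and group objects are constructed stand-ins.

```python
from types import SimpleNamespace

def has_permission(user, pref, permission):
    # Transcribed from the thread: the original check with the posted diff applied.
    if permission is None or permission <= -1:
        return True
    if user is None or not user.is_authenticated():
        return False
    if permission >= 3:                      # "no one" level added by the diff
        return False
    if user.is_superuser or user.is_staff:   # staff shortcut added by the diff
        return True
    if permission == 0:
        return True
    if permission == 1 and pref is not None and pref.snip is not None:
        if pref.snip.group.get_member(user) is not None:
            return True
    return False

class Group:
    # Constructed stand-in for the snip's group; only get_member is modelled.
    def __init__(self, members):
        self.members = members
    def get_member(self, user):
        return next((m for m in self.members if m is user), None)

def make_user(superuser=False, staff=False, authenticated=True):
    # Constructed stand-in for a Django user with the method-style
    # is_authenticated() that the thread's code calls.
    return SimpleNamespace(is_superuser=superuser, is_staff=staff,
                           is_authenticated=lambda: authenticated)

def access_matrix(levels=(None, 0, 1, 2, 3)):
    # Level 2 is included as a value only; its meaning is not shown in the thread.
    member = make_user()
    users = {"anonymous": make_user(authenticated=False), "plain": make_user(),
             "member": member, "staff": make_user(staff=True),
             "superuser": make_user(superuser=True)}
    pref = SimpleNamespace(snip=SimpleNamespace(group=Group([member])))
    return {lvl: {name: has_permission(u, pref, lvl) for name, u in users.items()}
            for lvl in levels}

def superuser_only_levels(matrix):
    # Levels that admit a superuser while refusing a staff account.
    return [lvl for lvl, row in matrix.items() if row["superuser"] and not row["staff"]]

if __name__ == "__main__":
    matrix = access_matrix()
    for level, row in matrix.items():
        print(level, row)
    print("superuser-only levels:", superuser_only_levels(matrix))
```

With the diff applied, no permission value separates superusers from staff, which is the case raised in the last post.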