anonymous users can change notice position/size #6

fredvd · 2014-10-28T14:41:24Z

Is is intentional that anonymous users can change the size and position of notices and that these are stored in Plone persistently? I'd assume that normal security applies and only people with access to a notice can also change its position/size. Now an anonymouse user can 'destroy' a noticeboard by accident or on purpose.

do3cc · 2014-10-30T21:36:00Z

No, it is not intentional, it is an oversight.

do3cc · 2014-10-30T23:02:39Z

Thank you @fredvd

do3cc · 2014-10-30T23:36:30Z

Oh oh, I remember now, I think we did this on purpose. @pbauer help!

IIRC there were two design constraints we had in mind while developing this board:

If you can see the board, you can see all messages.
If you can see the board, you can shuffle around notes.

I am not perfectly sure about the second point but the implementation I added now is not good, because it means, only if I edit a note, I can shuffle it around. It should probably have a different permission.

fredvd added the question label Oct 28, 2014

do3cc added bug and removed question labels Oct 30, 2014

do3cc added a commit that referenced this issue Oct 30, 2014

Add failing test for #6

2512acb

do3cc closed this as completed in a839c9d Oct 30, 2014

do3cc reopened this Oct 30, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

anonymous users can change notice position/size #6

anonymous users can change notice position/size #6

fredvd commented Oct 28, 2014

do3cc commented Oct 30, 2014

do3cc commented Oct 30, 2014

do3cc commented Oct 30, 2014

anonymous users can change notice position/size #6

anonymous users can change notice position/size #6

Comments

fredvd commented Oct 28, 2014

do3cc commented Oct 30, 2014

do3cc commented Oct 30, 2014

do3cc commented Oct 30, 2014