Woda

Changed includes Add button regardless of rights

Bug #600442 reported by Malcolm Fitzgerald
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Woda
Fix Committed
Medium
Malcolm Fitzgerald
Woda merge-with-pro

Bug Description

WODA.pl 4.6.10

Text on the Changed page prompts user to add a new record using the button in the toolbar. Text and button is included regardless of rights. Clicking the Add button without rights generates an error report.

Suggest that we include a test for rights to ensure that these elements are not added to the page when Add is denied to the group.

I'll send through the changes that I make.

Related branches

lp:~xavier/woda/4.620
Woda: Pending requested
Diff: 0 lines
Revision history for this message
Malcolm Fitzgerald (malcolm-notyourhomework) wrote :

Correction. The bug is in cgiStore, so it affects cgiChanged too.

I have used the code below. It replaces text near line 50 in cgiStore; near line 680 in cgiChanged and near line 5700 in woda-max.pl.

You will see that I have simple wrapped the text and button within a test for rights to add.

A more subtle issue is that I have changed the variable from a global $x to a my variable named $txt. I did this because the call to wbAllowed was trashing $x and the end result was that $WBB{rights} was being printed onscreen.

my $txt = <<EOM ; #UK
<p>Thank you for contributing to $WBB{'dbTitle'}. Your edits were saved at URL <p>
<center><p><a class="BUTTON" href="$url">$url</a>.</p></center>
<p>
This information may be useful to locate the record for editing or updating.
You may wish to <tt>[bookmark]</tt> it.
<p>
EOM

if ( &wbAllowed( $Group, 'Add' ) ) {
 $txt .= '<p>To add a record, click on the add icon in the toolbar.</p>'; #UK
}

$y = "Success!"; #UK
print &formatWindow( $y, $txt );

if ( &wbAllowed( $Group, 'Add' ) ) {
$t = "Add another record"; #UK
push( @Toolbar, <<EOM);
<a href="$SCRIPT/Add">
<img $ICONPAR src="$ICONURL/add.gif" alt="$t" title="$t"></a>
EOM
}

Xavier Brochard (xavier)
Changed in woda:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Malcolm Fitzgerald (malcolm-notyourhomework)
Revision history for this message
Xavier Brochard (xavier) wrote : Re: [Bug 600442] Re: Changed includes Add button regardless of rights

There is (or there was?) a similar problem in a lot of woda's "pages".

I think that we should use a different, global, system to display icons.
I don't know if it is feasible though. But here is some ideas:
- test rights in printFoot, then remove icons from @Toolbar
- use some global variables to define toolbar content ; one for browsing, one
for editing, etc. Each of these populated by the main routine (according to
rights). Then you just call them at each places you want.

But I doubt:
as Claudio pointed it, Woda is different from other database systems and that
is good. I like the fact that the code is, more or less, easy to understand.
The current system for toolbar, while not perfect, is very simple.

Xavier
<email address hidden> - 09 54 06 16 26

Revision history for this message
Malcolm Fitzgerald (malcolm-notyourhomework) wrote :

On 01/07/2010, at 5:49 PM, Xavier Brochard wrote:

> There is (or there was?) a similar problem in a lot of woda's "pages".
>
> I think that we should use a different, global, system to display icons.
> I don't know if it is feasible though. But here is some ideas:
> - test rights in printFoot, then remove icons from @Toolbar
> - use some global variables to define toolbar content ; one for browsing, one
> for editing, etc. Each of these populated by the main routine (according to
> rights). Then you just call them at each places you want.
>
> But I doubt:
> as Claudio pointed it, Woda is different from other database systems and that
> is good. I like the fact that the code is, more or less, easy to understand.
> The current system for toolbar, while not perfect, is very simple.

Yes, it is simple and there are only some places where the Page itself breaks the rules. I think that I was the one who requested that Ziga include an Add button on that page to make it easier to do data input from the web.

Malcolm

Revision history for this message
Xavier Brochard (xavier) wrote :

Le jeudi 1 juillet 2010 02:41:18, vous avez écrit :
> Correction. The bug is in cgiStore, so it affects cgiChanged too.
>
> I have used the code below. It replaces text near line 50 in cgiStore;

code added
but...
to come in Changed, one should be allowed to Add
and if one is allowed to Add, the button is allways included, no?

Xavier
<email address hidden> - 09 54 06 16 26

Revision history for this message
Xavier Brochard (xavier) wrote :

Le lundi 12 juillet 2010 17:51:23, vous avez écrit :
> to come in Changed, one should be allowed to Add
> and if one is allowed to Add, the button is allways included, no?

forget it
obviously one can Edit a password protected or Edit his own record (in a
usertable) without being able to Add one

regards, Xavier

Woda new home page:
http://woda.sourceforge.net/

Revision history for this message
Malcolm Fitzgerald (malcolm-notyourhomework) wrote :

On 13/07/10 7:25 AM, Xavier Brochard wrote:
> Le lundi 12 juillet 2010 17:51:23, vous avez écrit :
>> to come in Changed, one should be allowed to Add
>> and if one is allowed to Add, the button is allways included, no?
>
> forget it
> obviously one can Edit a password protected or Edit his own record (in a
> usertable) without being able to Add one
>

That's exactly the case I had in front of me when I noticed it.

--
Malcolm Fitzgerald
Director
That's Not Your Homework!
FileMaker Pro and Web Site Programming
ph: 0403 972 660
http://www.notyourhomework.net

Xavier Brochard (xavier)
Changed in woda:
status: Confirmed → Fix Committed
Xavier Brochard (xavier)
Changed in woda:
milestone: none → merge-with-pro
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.