Game, user and devteam need links to +edit if authorized
Bug #786835 reported by
Matt Giuca
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MUGLE |
Fix Released
|
High
|
Matt Giuca |
Bug Description
If a user is authorized to edit an object, there should be a link to the edit page from that object's main page.
Related branches
Changed in mugle: | |
milestone: | none → 0.1 |
Changed in mugle: | |
status: | Triaged → In Progress |
assignee: | nobody → Matt Giuca (mgiuca) |
Changed in mugle: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Does anyone have any ideas on how the client can figure out whether the user is authorized to edit or not? I don't think the client has access to any authz information like that at all, which makes it pretty hard.
(After all, that's the whole problem why we are letting people into the +edit pages even if they don't have permission -- we can't detect whether or not they have permission until they try to edit something.)
I'm wondering if we should / can add a field to the User, DevTeam and Game objects (just the client objects, not the *Data versions) called userCanEdit : Boolean, which indicates whether the user has edit permissions. Then we can use that to determine whether to display the "edit" links, as well as whether to show an error if the user visits the +edit page. Does that sound feasible?