Moving Reference Manual Sections is Available to All Staff

Jim, I'm putting this in the future, but wanted you to do two things:

- Put whatever tags on this are needed. Perhaps "referencemanual"

- See if you can recreate this on karlstaging

Paul,

quick check on staging and staff cannot update reference manuals.

Right, I wasn't closing this ticket, just moving it out of the way. It isn't part of the UX2 work.

--Paul

On Apr 9, 2012, at 10:19 AM, JimPGlenn wrote:

> Paul,
>
> quick check on staging and staff cannot update reference manuals.
>
> --
> You received this bug notification because you are subscribed to KARL3.
> https://bugs.launchpad.net/bugs/965270
>
> Title:
> Moving Reference Manual Sections is Available to All Staff
>
> Status in KARL3:
> New
>
> Bug description:
> Oxfam folks pointed out that any staff user can move Reference Manual
> sections with in Reference Manuals. This means that anyone can mess
> with the organizations of reference manuals. Only staff with admin
> permissions for those content areas and KARL Admins should be able to
> do this.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/karl3/+bug/965270/+subscriptions

I could not update reference manuals unless I had admin privileges therefore cannot recreate on staging.

Chris, this might be something unique to Oxfam's customization or worse, content.

Sharing some work with Carlos, in case he is working this weekend.

This was a general Karl problem. Manuals could not be edited, but it was possible to move sections and pages.

Pushed fix to cguardia-move-manual-permissions branch.

I cannot find cguardia-move-manual-permissions branch

Deployed branch

looks good

Still broken. The only people that should be able to edit or re-order a reference manual are the editors for that section and KARL Admins. I can login as any staff user in the system and re-order any reference manual.

Thanks for catching this. Sorry our testing didn't catch it.

--Paul

On Aug 15, 2012, at 2:04 PM, Nat Katin-Borland wrote:

> Still broken. The only people that should be able to edit or re-order
> a reference manual are the editors for that section and KARL Admins. I
> can login as any staff user in the system and re-order any reference
> manual.
>
> --
> You received this bug notification because you are subscribed to KARL3.
> https://bugs.launchpad.net/bugs/965270
>
> Title:
> Moving Reference Manual Sections is Available to All Staff
>
> Status in KARL3:
> Fix Committed
>
> Bug description:
> Oxfam folks pointed out that any staff user can move Reference Manual
> sections with in Reference Manuals. This means that anyone can mess
> with the organizations of reference manuals. Only staff with admin
> permissions for those content areas and KARL Admins should be able to
> do this.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/karl3/+bug/965270/+subscriptions

Chris, is this one that should be fixed by adjusting the ACL in content, or in software? I suspect this is an OSF policy on who is allowed, which means it needs to in a content ACL.

--Paul

On Aug 15, 2012, at 2:04 PM, Nat Katin-Borland wrote:

> Still broken. The only people that should be able to edit or re-order
> a reference manual are the editors for that section and KARL Admins. I
> can login as any staff user in the system and re-order any reference
> manual.
>
> --
> You received this bug notification because you are subscribed to KARL3.
> https://bugs.launchpad.net/bugs/965270
>
> Title:
> Moving Reference Manual Sections is Available to All Staff
>
> Status in KARL3:
> Fix Committed
>
> Bug description:
> Oxfam folks pointed out that any staff user can move Reference Manual
> sections with in Reference Manuals. This means that anyone can mess
> with the organizations of reference manuals. Only staff with admin
> permissions for those content areas and KARL Admins should be able to
> do this.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/karl3/+bug/965270/+subscriptions

Still broken

The problem here is that the branch was never merged. Chris pointed out that my fix merely removed the move buttons, but did not actually take the permission away. I was going to review it and forgot to reopen it. Sorry.

Back to "In Progress" for next week.

I believe Carlos is already working on this and has a branch for it.
I didn't merge it earlier because I saw that the branch only hid the
option in the UI, but didn't actually disable it at the ACL level, so
I kicked it back to Carlos and the branch is awaiting that fix, afaik.

Chris

On Wed, Aug 15, 2012 at 2:23 PM, Paul Everitt <email address hidden> wrote:
>
> Chris, is this one that should be fixed by adjusting the ACL in content, or in software? I suspect this is an OSF policy on who is allowed, which means it needs to in a content ACL.
>
> --Paul
>
> On Aug 15, 2012, at 2:04 PM, Nat Katin-Borland wrote:
>
>> Still broken. The only people that should be able to edit or re-order
>> a reference manual are the editors for that section and KARL Admins. I
>> can login as any staff user in the system and re-order any reference
>> manual.
>>
>> --
>> You received this bug notification because you are subscribed to KARL3.
>> https://bugs.launchpad.net/bugs/965270
>>
>> Title:
>> Moving Reference Manual Sections is Available to All Staff
>>
>> Status in KARL3:
>> Fix Committed
>>
>> Bug description:
>> Oxfam folks pointed out that any staff user can move Reference Manual
>> sections with in Reference Manuals. This means that anyone can mess
>> with the organizations of reference manuals. Only staff with admin
>> permissions for those content areas and KARL Admins should be able to
>> do this.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/karl3/+bug/965270/+subscriptions
>

Committed fix to cguardia-move-manual branch.

I cannot test on dev/cguardia-move-manual because there are no reference manuals.

Jim, if you can test this:

https://karldev.gocept.com/cguardia-move-manual/osf/offices/files/reference-manuals/employee-handbook/

...we can get this out the door today and merge it.

staff and affiliate view only admin update, move, view looks good

looks good on staging

fixed