Forum OpenACS Development: General comments security test not cascading?

Hi all again,

I am trying to add general comments to file-storage, but only the
folder owner can add comments. I haven't looked too deeply into how
file-storage does perms (or blow waves) but surely since I pass a
valid -context to general-comments, and thus ad_require_permission,
the context should be checked for perms when the test on the object_id
fails? Except that ad_require_permission doesn't have an option to
supply a custom context. Sooo, I hacked the add-comment.tcl in
general-comments/www to change:

ad_require_permission $object_id general_comments_create

into:

if {![ad_permission_p $object_id general_comments_create]} {
    ad_require_permission $context_id general_comments_create
}

This seems to me to be the purpose behind the ability to pass through
a context - since context is a perms thing not a structural thing...

Let me know what you all think.

Hello Mark:

I do not know how FS does its inheritance, but I have had to fix a problem with commenting on news stories which (at the bottom) was a permission problem.

Basically, if the news_item did not have the general_comments_create privilege, it would not work. Finally, I figured out that all news_items inherit from a (poorly-named in my view) folder called news. Once I gave this folder the gcc privilege to Registered Users, all news_items could be commented on.

BTW, now the Solicit Comments parameter of the news application works as expected!

Regards..
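
The two approaches in this thread (a grant on the parent folder that items inherit, versus a second check against a passed-in context) can be compared in a small model. This is an added example, not part of either post and not OpenACS code; the object names, grants and helper functions are constructed for illustration.

```python
# Simplified model of privilege lookup with context inheritance.
# Not OpenACS code: object names, the grants table and the helper
# functions below are constructed for illustration.

# object -> parent context (None = root); constructed sample hierarchy
CONTEXT = {
    "news_folder": None,
    "news_item_1": "news_folder",
    "fs_folder": None,
    "fs_file_1": "fs_folder",
    "other_folder": None,
}

# (party, object, privilege) grants; constructed sample data
GRANTS = {
    ("registered_users", "news_folder", "general_comments_create"),
    ("registered_users", "other_folder", "general_comments_create"),
    ("folder_owner", "fs_folder", "general_comments_create"),
}


def permission_p(party, object_id, privilege):
    """True if the grant exists on the object or any ancestor context."""
    seen = set()
    while object_id is not None and object_id not in seen:
        if (party, object_id, privilege) in GRANTS:
            return True
        seen.add(object_id)  # guard against a cyclic context chain
        object_id = CONTEXT.get(object_id)
    return False


def fallback_check(party, object_id, passed_context, privilege):
    """The two-step test from the first post: object first, then the
    context handed in by the caller."""
    return (permission_p(party, object_id, privilege)
            or permission_p(party, passed_context, privilege))


def is_ancestor(context_id, object_id):
    """True if context_id lies on object_id's own context chain."""
    node, seen = CONTEXT.get(object_id), set()
    while node is not None and node not in seen:
        if node == context_id:
            return True
        seen.add(node)
        node = CONTEXT.get(node)
    return False
```

In this model the two-step test gives the same answer as inheritance only when the passed context is on the object's own chain, which is what `is_ancestor` checks; a grant on the parent folder needs no second test at all.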