-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix BlogPost canEdit permissions. #608
Fix BlogPost canEdit permissions. #608
Conversation
If permissions earlier in the inheritance chain fail, we should not allow users to edit posts. If permissions earlier in the inheritance chain succeed, we should still go through the checks in this method.
Had the wrong tab open, meant to close a different PR. Sorry. |
The tests need updating to reflect the changes in logic |
Hey there. Perhaps we should take a slightly different approach (which is already taken by the Blog class), and do our class specific tests first - then, only if we don't want to explicitly allow the user to edit the post (i.e. they're not listed as an author or editor for the post nor the parent blog), we can kick checks back to the superclass. |
that's right, that's why the tests need updating, to reflect the new intended behaviour |
No, what I meant was that I think the tests as written are still correct, unless I have misunderstood the relationship between the test fixtures. Either I am misreading the fixtures, or my change has revealed a different issue. Either way I would appreciate someone taking a look and seeing what's going on. |
@GuySartorelli are you still interested in this one? - note - it's targeting |
Nope. It's something that should be fixed at some stage but I have no specific interest in diving into the tests to see what's going on there. |
resolves #607
If permissions earlier in the inheritance chain fail, we should not allow users to edit posts.
If permissions earlier in the inheritance chain succeed, we should still go through the checks in this method.