Skip to content

Commit

Permalink
[fc] Repository: plone.app.upgrade
Browse files Browse the repository at this point in the history 
Branch: refs/heads/master
Date: 2024-11-25T17:16:48-03:00
Author: Maurits van Rees (mauritsvanrees) <[email protected]>
Commit: plone/plone.app.upgrade@34ce71c

Added upgrade to 6106, Plone 6.1.0b2.

Files changed:
A news/6106.internal
M plone/app/upgrade/v61/configure.zcml
  • Loading branch information
@mauritsvanrees
mauritsvanrees committed Nov 25, 2024
1 parent 57cb057 commit b1911ff
Showing 1 changed file with 8 additions and 73 deletions.
81 changes: 8 additions & 73 deletions last_commit.txt
View file
Original file line number Diff line number Diff line change
@@ -1,81 +1,16 @@
Repository: plone.app.users
Repository: plone.app.upgrade


Branch: refs/heads/master
Date: 2024-11-25T11:22:46+01:00
Author: Yuri (yurj) <[email protected]>
Commit: https://github.com/plone/plone.app.users/commit/0a7d5f025c419a5a03f6aace88ded353091dfd99
Date: 2024-11-25T17:16:48-03:00
Author: Maurits van Rees (mauritsvanrees) <[email protected]>
Commit: https://github.com/plone/plone.app.upgrade/commit/34ce71cc073aef98b908fd2de560ec34edac9464

Protect `@@member-fields` additional traversal to the edit schema

Protect `@@member-fields` additional traversal to the edit view of the schema context with the `plone.app.controlpanel.UsersAndGroups` permission, as the `@@member-fields` view itself.
See https://community.plone.org/t/member-fields-browser-view-unprotected/20103

Files changed:
M plone/app/users/browser/configure.zcml

b'diff --git a/plone/app/users/browser/configure.zcml b/plone/app/users/browser/configure.zcml\nindex 3aa1203..63d6592 100644\n--- a/plone/app/users/browser/configure.zcml\n+++ b/plone/app/users/browser/configure.zcml\n@@ -80,7 +80,7 @@\n name="edit"\n for=".schemaeditor.IMemberSchemaContext"\n class=".schemaeditor.SchemaListingPage"\n- permission="zope2.View"\n+ permission="plone.app.controlpanel.UsersAndGroups"\n />\n \n <browser:page\n'

Repository: plone.app.users


Branch: refs/heads/master
Date: 2024-11-25T11:25:19+01:00
Author: Yuri (yurj) <[email protected]>
Commit: https://github.com/plone/plone.app.users/commit/6ef247cc5582f8a296b93d1e37131fda201fa9b7

news

Files changed:
A news/125.bugfix

b'diff --git a/news/125.bugfix b/news/125.bugfix\nnew file mode 100644\nindex 00000000..fa905b1c\n--- /dev/null\n+++ b/news/125.bugfix\n@@ -0,0 +1 @@\n+[yurj] fix for https://github.com/plone/plone.app.users/issues/125 (view @@member-fields is public)\n'

Repository: plone.app.users


Branch: refs/heads/master
Date: 2024-11-25T08:51:52-05:00
Author: David Glick (davisagli) <[email protected]>
Commit: https://github.com/plone/plone.app.users/commit/ee4aadd5a1f9353330eea09e2f6aeccf7c6e6089

Update news/125.bugfix

Files changed:
M news/125.bugfix

b'diff --git a/news/125.bugfix b/news/125.bugfix\nindex fa905b1..c58e148 100644\n--- a/news/125.bugfix\n+++ b/news/125.bugfix\n@@ -1 +1 @@\n-[yurj] fix for https://github.com/plone/plone.app.users/issues/125 (view @@member-fields is public)\n+Check plone.app.controlpanel.UsersAndGroups permission for the @@member-fields edit view. @yurj \n'

Repository: plone.app.users


Branch: refs/heads/master
Date: 2024-11-25T08:52:14-05:00
Author: David Glick (davisagli) <[email protected]>
Commit: https://github.com/plone/plone.app.users/commit/d6abfdf26a341ce283a5eef17ac6370691d55146

Update 125.bugfix

Files changed:
M news/125.bugfix

b'diff --git a/news/125.bugfix b/news/125.bugfix\nindex c58e148..4525a82 100644\n--- a/news/125.bugfix\n+++ b/news/125.bugfix\n@@ -1 +1 @@\n-Check plone.app.controlpanel.UsersAndGroups permission for the @@member-fields edit view. @yurj \n+Check `plone.app.controlpanel.UsersAndGroups` permission for the `@@member-fields` edit view. @yurj \n'

Repository: plone.app.users


Branch: refs/heads/master
Date: 2024-11-25T05:52:55-08:00
Author: David Glick (davisagli) <[email protected]>
Commit: https://github.com/plone/plone.app.users/commit/b7ba13ccd9a17b4289d46d37fbefeaeebe01e4c3

Merge pull request #130 from plone/yurj-member-fields-permission

Fix view @@member-fields is public
Added upgrade to 6106, Plone 6.1.0b2.

Files changed:
A news/125.bugfix
M plone/app/users/browser/configure.zcml
A news/6106.internal
M plone/app/upgrade/v61/configure.zcml

b'diff --git a/news/125.bugfix b/news/125.bugfix\nnew file mode 100644\nindex 00000000..4525a82c\n--- /dev/null\n+++ b/news/125.bugfix\n@@ -0,0 +1 @@\n+Check `plone.app.controlpanel.UsersAndGroups` permission for the `@@member-fields` edit view. @yurj \ndiff --git a/plone/app/users/browser/configure.zcml b/plone/app/users/browser/configure.zcml\nindex 3aa12036..63d65929 100644\n--- a/plone/app/users/browser/configure.zcml\n+++ b/plone/app/users/browser/configure.zcml\n@@ -80,7 +80,7 @@\n name="edit"\n for=".schemaeditor.IMemberSchemaContext"\n class=".schemaeditor.SchemaListingPage"\n- permission="zope2.View"\n+ permission="plone.app.controlpanel.UsersAndGroups"\n />\n \n <browser:page\n'
b'diff --git a/news/6106.internal b/news/6106.internal\nnew file mode 100644\nindex 00000000..16845771\n--- /dev/null\n+++ b/news/6106.internal\n@@ -0,0 +1,2 @@\n+Added upgrade to 6106, Plone 6.1.0b2.\n+[maurits]\ndiff --git a/plone/app/upgrade/v61/configure.zcml b/plone/app/upgrade/v61/configure.zcml\nindex e73fbbc7..ab61cf52 100644\n--- a/plone/app/upgrade/v61/configure.zcml\n+++ b/plone/app/upgrade/v61/configure.zcml\n@@ -88,4 +88,16 @@\n />\n </gs:upgradeSteps>\n \n+ <gs:upgradeSteps\n+ profile="Products.CMFPlone:plone"\n+ source="6105"\n+ destination="6106"\n+ >\n+ <!-- Plone 6.1.0b2 -->\n+ <gs:upgradeStep\n+ title="Miscellaneous"\n+ handler="..utils.null_upgrade_step"\n+ />\n+ </gs:upgradeSteps>\n+\n </configure>\n'

0 comments on commit b1911ff

Please sign in to comment.