-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add canPublish check for ChangeSet #384
Add canPublish check for ChangeSet #384
Conversation
ec741ca
to
287bd64
Compare
$member = Security::getCurrentUser(); | ||
|
||
// Check if object has canPublish set to true | ||
if ($object->canPublish($member)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shouldn’t add this kind of logic here, as it’ll potentially block programatic publishing (e.g. a CLI task where no user is logged in)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ChangeSetItem
already has its owncanPublish
method that checks the record object's canPublish, so it must be something else going on (if something is actually going on).
Nope, ChangeSetItem
canPublish method is not called.
silverstripe-versioned/src/ChangeSetItem.php
Line 307 in 4baa7b4
$object->publishSingle(); |
Already acts on the asset
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kinglozzer -> not sure where to put the logic if it is not the correct place. (In our use case this might suffice)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think for your use case I’d probably remove the image from $owns
and add some logic in onAfterPublish()
to check the date and publish if applicable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would be a workaround for Mark, but I think this is a legit bug where it is reasonable to anticipate the permissions are respected, or we openly document that ownership cascade publishing trumps individual object permissions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is a legit bug where it is reasonable to anticipate the permissions are respected
I agree
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep sorry I meant as a workaround! Will post my thoughts in the issue #383
|
I'm going to close this PR for now. As mentioned in the issue, this can't be resolved until we're ready to start working on a new major release. |
Maybe the solution for #383