Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add canPublish check for ChangeSet #384

Conversation

mark-a-j-adriano
Copy link

Maybe the solution for #383

@mark-a-j-adriano mark-a-j-adriano force-pushed the dev-owns-canpublish-check branch from ec741ca to 287bd64 Compare November 30, 2022 09:47
$member = Security::getCurrentUser();

// Check if object has canPublish set to true
if ($object->canPublish($member)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn’t add this kind of logic here, as it’ll potentially block programatic publishing (e.g. a CLI task where no user is logged in)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ChangeSetItem already has its own canPublish method that checks the record object's canPublish, so it must be something else going on (if something is actually going on).

Nope, ChangeSetItem canPublish method is not called.

$object->publishSingle();

Already acts on the asset

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kinglozzer -> not sure where to put the logic if it is not the correct place. (In our use case this might suffice)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think for your use case I’d probably remove the image from $owns and add some logic in onAfterPublish() to check the date and publish if applicable

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be a workaround for Mark, but I think this is a legit bug where it is reasonable to anticipate the permissions are respected, or we openly document that ownership cascade publishing trumps individual object permissions.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a legit bug where it is reasonable to anticipate the permissions are respected

I agree

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep sorry I meant as a workaround! Will post my thoughts in the issue #383

@michalkleiner
Copy link
Contributor

ChangeSetItem already has its own canPublish method that checks the record object's canPublish, so it must be something else going on (if something is actually going on).

@GuySartorelli
Copy link
Member

I'm going to close this PR for now. As mentioned in the issue, this can't be resolved until we're ready to start working on a new major release.
The closed PR will still be associated with and linked from the issue, which is already in the CMS 6 milestone, so when we start working on that we'll have access to this PR to reference as a potential solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Page $owns does not respect asset canPublish
4 participants