Item9048: Control saving topics, not just editing

Priority: Enhancement
Current State: Closed
Released In:
Target Release: n/a
Applies To: Extension
Component: WorkflowPlugin
Reported By: SeanLazar
Waiting For:
Last Change By: CrawfordCurrie
From [foswiki-discuss]

Hello, I've implemented the WorkflowPlugin with some success. However, it seems that the CommentPlugin and the EditTablePlugin circumvent the protections that the WorkflowPlugin provides.

Has anyone been successful in modifying either the CommentPlugin or the EditTablePlugin to work with the WorkflowPlugin authentication?

-- SeanLazar - 21 May 2010

By coincidence I was just making some mods to the WorkflowPlugin, and was reading that bit of code.

The problem is not with the CommentPlugin or EditTablePlugin per se - it's with the WorkflowPlugin. The "Allow Edit" column in the state table restricts who can edit the topic, not who can save it.

The problem is that the change authorisation checks in that plugin are only performed in the beforeEditHandler (and the beforeAttachmentSaveHandler). Neither of these handlers are visited when a topic is saved from the CommentPlugin. For that, the WorkflowPlugin needs to implement the checks in a beforeSaveHandler, and indeed there is (commented-out) code in the plugin to do exactly that.

-- CrawfordCurrie - 21 May 2010

Closed, pending upload to

-- CrawfordCurrie - 22 May 2010

Topic revision: r6 - 27 May 2010, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy