Advanced Forms

Advanced Search

Permission problem

Permalink Browser Info Environment
I created some kind of personal ads page with Advance Forms/Data Display where registered users can post their offers/requests. A user must be able to edit/delete his post and also some other (part-)admin groups. It works basically just as intended but there are a view strange problems:

- Editing in pop-up-mode only works for the super-admin. All others get a white page with a garbled form. display="inline" works fine. Dito with the delete confirmation message (display="inline" unfortunately not possible).
- The edit/delete links appear for the owner and the super-admin only. No matter which permissions I set for the form.

I'm running Concrete5 5.6.0.2 with basic permissions.

Did I miss some settings? Thank you for looking into it :-)
Best regards
Jürg
Type: Discussion
Status: New
Juerg
View Replies: View Best Answer
jgarcia replied on at Permalink Reply
jgarcia
Okay, give me some time to test things out and I'll get back to you. If you can send me a link to your site, that would help. From what it sounds like there's some sort of JavaScript error.
Juerg replied on at Permalink Reply
Juerg
Thanks for the quick reply. I now more now:
- If I uncheck "user can edit/delete own records" the permissions work as expected. Also the edit-popup works perfectly.
- As soon as I check above options only the super-admin and the record-owner see the edit/delete links and the edit-popup does not come up. Only a broken page is shown.

Since I'm still on my local pc (site is scheduled to go live by the beginning of 2013)its not very convenient to give you access. If necessary I will though.
Juerg replied on at Permalink Reply
Juerg
I did some more research and came up with two results:

1. The bug concerning not showing the edit/delet-links to the right persons is a programming error in answer_set.php. I changed two functions to the following and the links are now shown as they are supposed to:

public function userCanEdit() {
   $u = new User();
   if($u->isSuperUser()) { //Super user can always edit
      return true;
   }
   //Check whether users can either their own records
   $f = sixeightForm::getByID(intval($this->fID));
   if($f->ownerCanEdit()) {
      if($u->isRegistered() && intval($u->getUserID()) == intval($this->creator)) { //If the user owns the record, they can edit it
         return true;
      }
   }
   //If users cannot edit their own records, they must be part of a group that can edit records
   foreach($u->uGroups as $gID => $gName) { //Loop through the groups
      if($f->groupCanEditRecords($gID)) { //If user is part of a group that can edit, they can edit
Viewing 15 lines of 39 lines. View entire code block.


2. The pop-up window for editing/delete-confirmation is broken for anybody who does NOT have editing permission for the current page. People with editing permission see it just fine.
Juerg replied on at Permalink Best Answer Reply
Juerg
I finally found out why the popup dialog didn't work :-). Took me quite some time: In 5.6.0.2 ccm.app.js shows an error if the c5-toolbar is not displayed. Apparently bootstrap.js is not includede anymore. Therefore you need to load bootstrap.js explicitly in the forms-controller: loadHeaderItems(...).
public function loadHeaderItems($fID = 0) {
...
    $footerFiles[] = $html->javascript('bootstrap.js');
...
}


With the fix in my previous post and this tweak everything now works perfectly :-D.

Hope you can incorporate the fixes soon in a new add-on release.
Thank you.

concrete5 Environment Information

Browser User-Agent String

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You have not specified a license for this support ticket. You must have a valid license assigned to a support ticket to request a refund.