Bug and fix - Caneditrow plugin

[koolaid2]

The CanEditRow list plugin is not working using the latest files from Github.

In model/list.php around line 2878 in the function canEdit

the code:
if ($canUserDo !== -1)
{
return $canUserDo;
}

do return values before running the:

$canEdit = FabrikWorker::getPluginManager()->runPlugins('onCanEdit', $this, 'list', $row);
if (in_array(false, $canEdit))
{
return false;
}



Moving this so the it checks the runPlugins function before checking the canUserDo solevs the problem I think.

 

[felixkat]

Not sure but I'll point the post to Hugh....

 

[cheesegrits]

Well, this is one of those "policy" issues.

The way things are set up, we deliberately don't allow plugins to override a "user do" ACL setting on list access. So if you have set 'edit row' access to 'or use field', then that will override your canEditRow plugin.

It's not something we're going to change at this point, as it may well break existing applications. We also still feel this is the right way to do it - global user access controls are going to trump anything else, to avoid unintentional security problems.

So ... if you need to take the logged on user into account, you'll need to take the 'or use' field off your list, and handle that in your plugin, along with whatever other login you use for access control.

NOTE - if you don't have 'or use' set for the 'edit rows' ACL on the list, then this is a bug!

-- hugh

 

[koolaid2]

I see!!

I have been trying whit and whitout the "or use field" selection but not working, I also know tried to change the Edit access from Special to Registred then I can use the CanEditrow plugin to say "can not edit row".

Ok so it's working sort of. Just strange way of thing to get it to work.

I don't like the:
First give everyone access to edit rows and then use the CanEditrow plugin to have it so users can't edit some of the rows...


but ok ok

now it's working at least