Uploaded image for project: 'Mocca Calendar Application'
  1. Mocca Calendar Application
  2. MOCCACAL-130

Specific "edit" and "delete" rights are not taken into account when showing event modal dialog

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.7.2
    • Fix Version/s: 2.7.3
    • Component/s: application
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      When deciding if to show the "edit" and "delete" buttons in the modal dialog view for any event, the actual permissions for that event are not taken into account; instead only the global rights for the current user are used.

      This happens by passing an undefined velocity variable in the check $xwiki.hasAccessLevel($right, $xcontext.getUser(), $item) .

      Fortunately this is not a security issue, as only the buttons are show or not shown incorrectly. Still it means for example that normal users cannot delete their own events via the modal dialog because the button is missing.

        Attachments

          Activity

            People

            • Assignee:
              camil7 Clemens Robbenhaar
              Reporter:
              camil7 Clemens Robbenhaar
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: