Home › Support › Bug Reports
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
Inline Editing Showing up for users without permissions
I'm not sure what's going on here. I have two "kinds" of users; one who has permission to edit everything and one who has permission to edit nothing. However, all users are required to be logged in in order to use the site.
What this means is that my "viewer" users get a pencil/plus in all of the same places that my "editor" user does. They don't work (they pop up a box that never loads-in content), but they're there all the time. They can obviously be turned off by hiding the overall editing tools, but they shouldn't show up if they're not editable, right?
What this means is that my "viewer" users get a pencil/plus in all of the same places that my "editor" user does. They don't work (they pop up a box that never loads-in content), but they're there all the time. They can obviously be turned off by hiding the overall editing tools, but they shouldn't show up if they're not editable, right?
Comments
fuel/modules/fuel/libraries/Fuel_page.php (577-580, inside of function render_marker($key))
if ($this->_CI->config->item('admin_enabled', 'fuel') AND
is_fuelified() AND
$this->_CI->fuel_auth->has_permission($marker['module'], 'edit') AND
(!isset($this->_CI->load->_ci_cached_vars['fuelified']) OR $this->_CI->load->_ci_cached_vars['fuelified'] === TRUE)
)
adding the third line ($this->_CI->fuel_auth->has_permission ...) which tests to see if the user has permission (not at all sure what that second parameter means) before rendering the marker.
Is that reasonable? Did I do something stupid there?