Inline Editing Showing up for users without permissions

edited April 2012 in Bug Reports
I'm not sure what's going on here. I have two "kinds" of users; one who has permission to edit everything and one who has permission to edit nothing. However, all users are required to be logged in in order to use the site.

What this means is that my "viewer" users get a pencil/plus in all of the same places that my "editor" user does. They don't work (they pop up a box that never loads-in content), but they're there all the time. They can obviously be turned off by hiding the overall editing tools, but they shouldn't show up if they're not editable, right?

Comments

  • edited 4:03AM
    NOTE: I just made the following change to

    fuel/modules/fuel/libraries/Fuel_page.php (577-580, inside of function render_marker($key))


    if ($this->_CI->config->item('admin_enabled', 'fuel') AND
    is_fuelified() AND
    $this->_CI->fuel_auth->has_permission($marker['module'], 'edit') AND
    (!isset($this->_CI->load->_ci_cached_vars['fuelified']) OR $this->_CI->load->_ci_cached_vars['fuelified'] === TRUE)
    )

    adding the third line ($this->_CI->fuel_auth->has_permission ...) which tests to see if the user has permission (not at all sure what that second parameter means) before rendering the marker.

    Is that reasonable? Did I do something stupid there?
  • edited 4:03AM
    That seems reasonable to me. I'll look into adding that.
Sign In or Register to comment.