Skip to content

Commit

Permalink
Show attributes from _unsafe_metadata if user has "Modify Portal …
Browse files Browse the repository at this point in the history 
…Content" permissions.
  • Loading branch information
@thet
thet committed Apr 6, 2016
1 parent 68abf18 commit c7b07b8
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 1 addition & 1 deletion CHANGES.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ Incompatibilities:
New:

- Add ``Creator``, ``Description``, ``end``, ``start`` and ``location`` to the available columns and context attributes for folder_contents.
Exclude ``Creator`` from the list of ``_unsafe_metadata``.
Show attributes from ``_unsafe_metadata`` if user has "Modify Portal Content" permissions.
[thet]

Fixes:
Expand Down
5 changes: 4 additions & 1 deletion plone/app/content/browser/vocabulary.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ def _parseJSON(s):
_unsafe_metadata = [
'author_name',
'commentors',
'Creator',
'listCreators',
]
_safe_callable_metadata = [
Expand Down Expand Up @@ -183,6 +184,8 @@ def __call__(self):
]
if attributes:
base_path = getNavigationRoot(context)
sm = getSecurityManager()
can_edit = sm.checkPermission('Modify portal content', context)
for vocab_item in results:
if not results_are_brains:
vocab_item = vocab_item.value
Expand All @@ -191,7 +194,7 @@ def __call__(self):
key = attr
if ':' in attr:
key, attr = attr.split(':', 1)
if attr in _unsafe_metadata:
if attr in _unsafe_metadata and not can_edit:
continue
if key == 'path':
attr = 'getPath'
Expand Down

0 comments on commit c7b07b8

Please sign in to comment.