[Mailman-Developers] [ Query ] Some bugs in postorius that needs to be addressed
Ankush Sharma
ankush.sharma.ece12 at iitbhu.ac.in
Mon Apr 13 21:49:46 CEST 2015
The above bugs have been discussed in detail with Bhavesh Goyal with
involvement of Terri. I think fixing
https://code.launchpad.net/~bhavesh-goyal093/postorius/fixed-nav-role-identification
would
work !
On Mon, Apr 13, 2015 at 7:05 PM, Ankush Sharma <
ankush.sharma.ece12 at iitbhu.ac.in> wrote:
> Sorry for the typo `good` is not required in the first line.
>
> On Mon, Apr 13, 2015 at 7:01 PM, Ankush Sharma <
> ankush.sharma.ece12 at iitbhu.ac.in> wrote:
>
>> Hello everyone,
>>
>> I have found a good some bugs in postorius. Needs your review before
>> fixing them.
>>
>> *1.* The *list_moderator* is not able to access the list of held
>> messages as visiting at <base-url>/postorius/lists/<list-id>*/held_messages
>> *gives a *403 *i.e *Forbidden* Status code because it is simply not
>> allowed to access it. I have discussed the cause and fix for this issue
>> here https://bugs.launchpad.net/postorius/+bug/1443433 .
>> I am assuming the *list_owner* to be a *list_moderator* in my fix as
>> indicated by
>> http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/auth/decorators.py#L88
>>
>> *2. *At
>> http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/menu/list_nav.html#L18 ; why
>> a *list_moderator *is allowed to view the `*Mass Subscribe`* link on the
>> list navigation bar ? Though clicking it will give a *403* again as he
>> has not permission for it. I think it should be *list_owner. *
>>
>> *3. *The *list_navigation menu *containing the links to Info, Settings,
>> Mass Subscribe, Delete etc. options for a list are only visible to the *super_user.
>> *Though, a *list_owner *should be able to see these for his *owned
>> lists *and similarly a *list_moderator *should be able to see the *held
>> messages *option in his navigation menu. This can be fixed by replacing
>> the line: http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/lists/summary.html#L10
>> by
>>
>> % if user.is_superuser or user.is_list_owner or user.is_moderator %}
>>
>> As we have a second level permission check before rendering the
>> respective options implemented in the file :
>> http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/menu/list_nav.html
>> <http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/menu/list_nav.html#L18> .
>> Doing this will cause proper person to see the options that he is allowed
>> to do in his navigation menu. More on this here :
>> https://bugs.launchpad.net/postorius/+bug/1443400
>>
>> Thanks,
>>
>> Ankush Sharma
>> IIT-BHU,Varanasi
>> India
>> github.com/black-perl
>>
>>
>
>
More information about the Mailman-Developers
mailing list