Opened 12 years ago
Last modified 12 years ago
#312 new enhancement
FileTreePanel - client-side ACL management for create actions
Reported by: | adube | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | 1.8.0 |
Component: | widgets | Version: | |
Keywords: | Cc: |
Description
When enabling the FileTreePanel upload and/or newDir features, the buttons are added and you can do any create action for all the listed elements. These elements were created using the "read" action and are assigned to a resource.
Issue
The upload and newDir features does "create" actions and currently don't manage ACL rights on the client-side. So, uploading a new file in a directory (linked to a resource) the user only has read access would throw a php error, which wouldn't be smoothly be taken care of on client-side.
Solution
The ACL works, but we need make sure the client-side handles the error better OR avoid them. We could :
- add a "create": true / false element in the json returned on read that would be used to toggle on and off the actions, thus avoiding to use them
- handle the ACL calls in the proxy so that they would return smooth JSON errors if the user doesn't have the rights
Other solutions are welcome.
No patch, pushed to 1.4.