Details
-
Bug
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
0.5
-
Quasar
-
Puma Sprint 242
Description
Reproduction: Setup archetype with banners. In the homepage in the CM add a component pointing to 'banner 1'
In the console below /hippo:configuration/hippo:domains/content/content-domain/ add:
/exclude-banners-content-and-descendants:
jcr:primaryType: hipposys:facetrule
hipposys:equals: false
hipposys:facet: jcr:path
hipposys:type: Reference
hipposys:value: /content/documents/myproject/banners
as a result, authors and editors do not have role hippo:author on banner any more.
Now go to CM : the edit button is still enabled.
Expected: The edit button is not enabled any more.
Implementation details
In org.hippoecm.hst.tag.HstManageContentTag#processHippoBean and in com.onehippo.hst.pagemodelapi.v09.core.container.ChannelMngrMetadataDecorator#createContentNodeSpanList we should check with
org.hippoecm.hst.util.JcrSessionUtils#isInRole
whether the user is in role "hippo:author". If not, we should add an indication that the user does not have author privilege on the document and the edit button should not be shown.
Note that just leaving the "uuid" out of the html comment does not work well, since than the magnifier glass is shown in the CM: Therefor, I think we should add an extra flag, something like
editable = false
and use this in the CM.
abogaart, WDYT?