-
Notifications
You must be signed in to change notification settings - Fork 411
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new contributions permission #6348
Add new contributions permission #6348
Conversation
Looks good, one thing I'd test is whether the "undo" from the small popup you get when unassigning the session from an already-scheduled contribution (removing/changing the session unschedules id) still works. Because I think that might send a request to a timetable-related endpoint... Edit: Indeed, the undo button there fails, because it POSTs to |
|
"Send email" works fine, but "Authors list" -> "Send email" doesn't, since the latter uses are more generic endpoint which still checks for full management privileges. |
"Assign new session" and "Add new track" fail (as expected -> should be hidden). |
Should the "publish/draft contributions" toggle be accessible with this permissions (currently it is), or should that require full management privileges? I'm leaning towards the latter since that goes beyond just managing (some) contributions... |
Makes sense, I agree. For the jacow use-case all they need is to be able to edit titles/authors of contributions, so for this it wouldnt matter |
I think I will just disallow any session/track assignment - imo those should be in a separate permission ("timetable" and "programme" respectively) |
09d2a17
to
cd1c103
Compare
indico/modules/events/contributions/templates/management/_contribution_list.html
Outdated
Show resolved
Hide resolved
cd1c103
to
727c35a
Compare
727c35a
to
5751252
Compare
5751252
to
2db1af6
Compare
can_manage = self.contrib.can_manage(session.user) | ||
can_manage = self.contrib.can_manage(session.user, permission='contributions') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That change wasn't correct, it's a management check on the contribution so there we need to check for full management access. Anyway, I reverted this in 986469c.
ValueError: permission 'contributions' is not valid for 'Contribution' objects
Adds a new
contributions
permission for managing event contributions