Ticket #13044 (confirmed Bug)

Opened 4 years ago

Last modified 4 years ago

External edit raises Unauthorized if user has no AccessContentsInformation on parent

Reported by: thomasdesvenain Owned by:
Priority: minor Milestone: 4.x
Component: General Version: 4.3
Keywords: security, external_editor Cc:

Description (last modified by kleist) (diff)

external_edit.py python script raises

Unauthorized: You are not allowed to access 'aq_parent' in this context

if user can edit a content but have no access privileges on its parent

this can be fixed replacing external_edit by a view,

Change History

comment:1 Changed 4 years ago by kleist

  • Keywords security, external_editor added; securityexternaleditor removed
  • Status changed from new to confirmed
  • Component changed from Unknown to General
  • Description modified (diff)
Note: See TracTickets for help on using tickets.