You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a user has no (View, Access Contents Information) permission between the Plone root and another folder whre they do have permissions @@allow_upload fails (allow_upload is being called on the Site root)
Example:
/a/b/c
User has no access on b but is allowed in c, /@@allow_upload gets a 302.
What actually happened:
302 Errors visible in "Network" in Developer Tools (xhr)
What version of Plone/ Addons I am using:
Plone 6.0.11 and newer, plone.app.content 4.1.2
Possible reason
In plone.app.content 4.1.2 (and 4.1.8 i.e. master) we use restricted traverse, and it's unclear why - using unrestricted traverse might just fix this issue.
When a user has no (View, Access Contents Information) permission between the Plone root and another folder whre they do have permissions
@@allow_uploadfails (allow_upload is being called on the Site root)Example:
/a/b/c
User has no access on b but is allowed in c, /@@allow_upload gets a 302.
What actually happened:
302 Errors visible in "Network" in Developer Tools (xhr)
What version of Plone/ Addons I am using:
Plone 6.0.11 and newer, plone.app.content 4.1.2
Possible reason
In plone.app.content 4.1.2 (and 4.1.8 i.e. master) we use restricted traverse, and it's unclear why - using unrestricted traverse might just fix this issue.
https://github.com/plone/plone.app.content/blob/0eca90492d3e942fe84813861b6fb273fe405899/plone/app/content/browser/file.py#L193
The text was updated successfully, but these errors were encountered: