Tiki calendar object permissions do not work properly. (Or, I am not understanding how they should work correctly.)
It is my understanding that object permissions should override global permissions. In the case of calendar, this means that if there are no global permissions granted, but there are object permissions set on a calendar, the calendar should comply with the object permissions. This is not how calendar currently works.
In order for a user to add an item to a calendar, they must have the add item permission in global permissions, regardless of whether the object permissions grant them that permission.
In the snapshot below, I have it set up as follows to demonstrate this.
User: admin
PW: 12345
User: reg
PW: 12345
Member: Registered
Registered is granted no calendar related permissions globally.
I created a calendar "test" and granted Registered add, change, browse, and view calendar permissions in the object permissions.
User "reg" is unable to add items (button does not appear) to calendar "test" from tiki-calendar.php?calIds=1
I believe that "reg" should be able to add items, as the object permissions allow them to, regardless of global permissions. Note that the view permission seems to be working correctly on the object level of permissions for calendar, as "reg" is still able to view the calendar, though that permission is not granted globally.
Let me know if I'm just crazy and over-thought this into a dumb
To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
The URL for the show.tikiwiki.org instance that demonstrates this bug is at: http://jcarter-11387-4807.show.tikiwiki.org. Note that if you get a popup asking for a username/password, please just enter "show" and "show". This is different from the initial login and password for a new Tiki which is "admin" and "admin".
For the install log, see http://jcarter-11387-4807.show.tikiwiki.org/info.txt
Note that if you see PHP errors or a Tiki claiming to be missing third party software, the instance creation is probably not finished. Please wait a couple minutes and reload.
Snapshots are database dumps of the configuration that developers can download for debugging. Once you have reproduced your bug on the show.tikiwiki.org instance, create a snapshot that can then be downloaded by developers for further investigation.
Snapshots can be accessed at: http://jcarter-11387-4807.show.tikiwiki.org/snapshots/. Note that if you get a popup asking for a username/password, please just enter "show" and "show".
Create new snapshotfilename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |