[Mailman-Developers] [ Query ] Some bugs in postorius that needs to be addressed

Ankush Sharma ankush.sharma.ece12 at iitbhu.ac.in
Mon Apr 13 15:35:25 CEST 2015 

Sorry for the typo `good` is not required in the first line.

On Mon, Apr 13, 2015 at 7:01 PM, Ankush Sharma <
ankush.sharma.ece12 at iitbhu.ac.in> wrote:

> Hello everyone,
>
> I have found a good some bugs in postorius. Needs your review before
> fixing them.
>
> *1.* The *list_moderator* is not able to access the list of held messages
> as visiting at <base-url>/postorius/lists/<list-id>*/held_messages *gives
> a *403 *i.e *Forbidden* Status code because it is simply not allowed to
> access it. I have discussed the cause and fix for this issue here
> https://bugs.launchpad.net/postorius/+bug/1443433 .
> I am assuming the *list_owner* to be a *list_moderator* in my fix as
> indicated by
> http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/auth/decorators.py#L88
>
> *2.  *At
> http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/menu/list_nav.html#L18 ; why
> a *list_moderator *is allowed to view the `*Mass Subscribe`* link on the
> list navigation bar ? Though clicking it will give a *403* again as he
> has not permission for it. I think it should be *list_owner. *
>
> *3. *The *list_navigation menu *containing the links to Info, Settings,
> Mass Subscribe, Delete etc. options for a list are only visible to the *super_user.
> *Though, a *list_owner *should be able to see these for his *owned lists *and
> similarly a *list_moderator *should be able to see the *held messages *option
> in his navigation menu. This can be fixed by replacing the line: http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/lists/summary.html#L10
>  by
>
>      % if user.is_superuser or user.is_list_owner or user.is_moderator %}
>
> As we have a second level permission check before rendering the respective
> options implemented in the file :
> http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/menu/list_nav.html
> <http://bazaar.launchpad.net/~mailman-coders/postorius/trunk/view/head:/src/postorius/templates/postorius/menu/list_nav.html#L18> .
> Doing this will cause proper person to see the options that he is allowed
> to do in his navigation menu. More on this here :
> https://bugs.launchpad.net/postorius/+bug/1443400
>
> Thanks,
>
> Ankush Sharma
> IIT-BHU,Varanasi
> India
> github.com/black-perl
>
>

More information about the Mailman-Developers mailing list