<sortable-collection> does not check edit permissions on the position
Reported by Henry Baragar | April 8th, 2010 @ 04:54 AM
I have an application where there is a group of users that is allowed to change fields other than the "position" field in a "act_as_list" model. That is, when they are presented with a they should not see the arrows for rearranging the order of the records.
I think that the following line in :
<div class='ordering-handle' param='handle' if='&can_edit?'>↑<br/>↓</div>
should be changed to:
<div class='ordering-handle' param='handle' if='&can_edit? :position'>↑<br/>↓</div>
or maybe to:
<div class='ordering-handle' param='handle' if='&can_edit? position_field'>↑<br/>↓</div>
where "position_field" is defined as:
position_field = (attributes[:position] || 'position').to_symbol
so that a different 'position' field can be specified.Comments and changes to this ticket
-
Bryan Larsen April 13th, 2010 @ 05:50 PM
- State changed from new to resolved
(from [8dc3d97fefe1fc81e03acad538d9436373ff03f5]) [#692 state:resolved] check permissions for position column for sortable-collection http://github.com/tablatom/hobo/commit/8dc3d97fefe1fc81e03acad538d9...
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
People watching this ticket
- Nobody is watching this ticket.
Tags
Referenced by
- 692 <sortable-collection> does not check edit permissions on the position (from [8dc3d97fefe1fc81e03acad538d9436373ff03f5]) [#692 s...