Bug found and fixed -
We are engaging another cyn.in space at the academy of fine arts in Vienna. We are using the downloaded version 3.1.1. Now when we set an internal link to an item that is only project-visible we encountered an "Insufficient Privileges" Error. I looked into the error logs and found the reason: "Unauthorized: You are not allowed to access 'title' in this contex". I looked into the code and found that in the template "links_macro.pt" the property "item/title" is being used. I was able to fix the error by using the property "item/Title" - which is accessible on a catalog object. Here's the patch, i hope you can apply it for future versions!
Index: src/ubify.cyninv2theme/ubify/cyninv2theme/skins/ubify_cyninv2theme_custom_templates/links_macro.pt =================================================================== --- src/ubify.cyninv2theme/ubify/cyninv2theme/skins/ubify_cyninv2theme_custom_templates/links_macro.pt +++ src/ubify.cyninv2theme/ubify/cyninv2theme/skins/ubify_cyninv2theme_custom_templates/links_macro.pt @@ -101,7 +101,7 @@ tal:attributes="href item_url;class string:relateditemlink" > <img tal:attributes="src item/icon" border="0"/> - <span tal:content="item/title" /> + <span tal:content="item/Title" /> </a></li> </ul> </div>
Now the "Linked Content" displays right and the security issue is solved. We are very happy with cyn.in here and once more want to express our kind regards to the cynapse team!
Georg Gogo. BERNHARD