Image and document summary item don't take permissions into account for counting number of images/documents
Summary
The admin homepage summary items for documents and images don’t reflect the permissions for collections. If a user has permission for any collection, the numbers in the summary will show the total number of images/documents in the database. This leaks information to users that might not have permission to more than a single collection.
Steps to Reproduce
- In any Wagtail project with at least one collection more than the root collection, create a user that doesn’t have permission to the root collection but to at least one other collection
- Ensure there are images/documents in the root collection
- Sign in as the new user. When reaching the admin page, the numbers telling the amount of images/documents in the system will render the total amount in the database, not what’s available to the user
Any other relevant information. For example, why do you consider this a bug and what did you expect to happen instead?
- I have confirmed that this issue can be reproduced as described on a fresh Wagtail project: yes
Technical details
- Python version: 3.7.2
- Django version: 2.1.7
- Wagtail version: 2-4
- Browser version: Firefox 65.0
Proposed solution
Update “get_context” method in “ImagesSummaryItem” in wagtail/images/wagtail_hooks.py according to:
```python
def get_context(self):
    # Fetch all collections the user has any permission for, to filter the image count
    collections = permission_policy.collections_user_has_any_permission_for(
        self.request.user, ['add', 'change', 'delete']
    )
    return {
        'total_images': get_image_model().objects.filter(collection__in=collections).count(),
    }
```
And similar for wagtail/documents/wagtail_hooks.py
Issue Analytics
- State:
- Created 5 years ago
- Comments: 9 (4 by maintainers)
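The gap between the reported count and the collection-scoped count from the proposed solution, as an added example that is not part of the original issue and is not Wagtail's code. It is a pure-Python model with constructed collections, images and grants; the path-prefix tree and the rule that a grant on a collection also covers its descendants are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Collection:
    name: str
    path: str  # materialised tree path; a child's path starts with its parent's

# Constructed sample data: Root > Press > Press 2019, and Root > HR.
ROOT = Collection("Root", "0001")
PRESS = Collection("Press", "00010001")
PRESS_2019 = Collection("Press 2019", "000100010001")
HR = Collection("HR", "00010002")
COLLECTIONS = [ROOT, PRESS, PRESS_2019, HR]

# One entry per stored image, recording the collection it lives in.
IMAGES = [ROOT] * 3 + [PRESS] * 2 + [PRESS_2019] + [HR] * 4

# (user, collection, action) grants; "editor" has nothing on Root or HR.
GRANTS = [("editor", PRESS, "add"), ("admin", ROOT, "change")]

def collections_user_has_any_permission_for(user, actions):
    """Stand-in for the policy call in the proposed fix (assumed semantics:
    a grant on a collection also covers its descendants)."""
    granted = [c for u, c, a in GRANTS if u == user and a in actions]
    return {c for c in COLLECTIONS
            if any(c.path.startswith(g.path) for g in granted)}

def unscoped_total(user):
    # Behaviour reported in the issue: every image is counted.
    return len(IMAGES)

def scoped_total(user):
    # Behaviour of the proposed fix: count only images in permitted collections.
    allowed = collections_user_has_any_permission_for(
        user, ["add", "change", "delete"])
    return sum(1 for collection in IMAGES if collection in allowed)

def leaked_count(user):
    # Number of images the summary reveals beyond the user's own collections.
    return unscoped_total(user) - scoped_total(user)

if __name__ == "__main__":
    for user in ("editor", "admin", "guest"):
        print(user, unscoped_total(user), scoped_total(user), leaked_count(user))
```

The same comparison works as a regression check for the documents summary item: the scoped count must never exceed what the user's collections contain.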
Top GitHub Comments
Thank you for your interest @SaptakS. @georgeyk was already keen on tackling this one, so I reckon we can leave them some time and if they don’t complete it, you could have a go at it. But if you can’t wait to get started on something, maybe you can find something to tackle in the pool of Hacktoberfest issues.
Hi @georgeyk. Nobody else has expressed interest so far, so go ahead. Good luck!