Details
Bug
Resolution: Fixed
Medium
4.2.0, 4.3.0, 4.4.0alpha1
None
eZ Publish 4.2.0 SP1
Description
If an extension provides a module whose module.php contains a FunctionList definition that can be used to limit permissions, and the extension in which the module is defined is only activated per siteaccess (ActiveAccessExtensions), then eZUser::generateAccessArray() will generate a wrong access array. If role caching is enabled, this causes an access denied error when the user switches from the siteaccess for which the extension is not active to a siteaccess for which the extension is active. This also assumes that the two siteaccesses share the same session.
Steps to reproduce
1. Enable role caching
2. Disable SessionNamePerSiteAccess
3. Create a module with functions for limitation
4. Activate the module only for siteaccess A
5. For example, edit the user account on siteaccess B
6. Switch back to siteaccess A and try to execute a view of the module
Result: Even an admin user is not able to execute the module's view
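A simplified model of the failure described above, as an added example that is not eZ Publish code: the access array is built from the modules visible in the current siteaccess and cached once in a session shared by both siteaccesses. The siteaccess table, the function names and the per-siteaccess cache key are assumptions made for illustration and are not the project's fix.

```php
<?php
// Simplified model of a session-cached access array; NOT eZ Publish code.
// Every name below is hypothetical and the siteaccess data is constructed.
const SITEACCESS_MODULES = [
    'A' => ['content' => ['read', 'edit'], 'mymodule' => ['use']],
    'B' => ['content' => ['read', 'edit']], // extension with mymodule inactive
];

// Expand an "all modules" role using only what the current siteaccess knows.
function buildAccessArray(string $siteaccess): array
{
    $access = [];
    foreach (SITEACCESS_MODULES[$siteaccess] as $module => $functions) {
        foreach ($functions as $function) {
            $access[$module][$function] = true;
        }
    }
    return $access;
}

// Buggy cache: one entry per session, shared by every siteaccess.
function accessArrayShared(array &$session, string $siteaccess): array
{
    if (!isset($session['access'])) {
        $session['access'] = buildAccessArray($siteaccess);
    }
    return $session['access'];
}

// Scoped cache: one entry per siteaccess inside the shared session.
function accessArrayScoped(array &$session, string $siteaccess): array
{
    if (!isset($session['access'][$siteaccess])) {
        $session['access'][$siteaccess] = buildAccessArray($siteaccess);
    }
    return $session['access'][$siteaccess];
}

function canUse(array $access): bool
{
    return isset($access['mymodule']['use']);
}

$shared = [];
accessArrayShared($shared, 'B');                   // cache filled while on B
var_dump(canUse(accessArrayShared($shared, 'A'))); // array cached on B is reused on A
$scoped = [];
accessArrayScoped($scoped, 'B');
var_dump(canUse(accessArrayScoped($scoped, 'A'))); // array is rebuilt for A
```

The same scoping mistake matters in the opposite direction as well: an authorization cache shared across contexts can carry entries into a context where they were never meant to apply, so the cache key should include everything the computed permissions depend on.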