Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-17219

Policy "section/assign" does not uphold subtree limitation

    XMLWordPrintable

    Details

      Description

      eZ Publish allows you to limit roles (hence also policies) to only be active in subtrees of the content tree. However this limitation does not work for the "Section/Assign" policy.

      Instead a user with a "Section/Assign" policy can assign sections to any node regardless of subtree limitations. See steps to reproduce for an example.

      Steps to reproduce

      As admin Create two new roles:

      1. A role called "basic role" with unlimited "Content/Read" and unlimited "User/Login"
      policies.

      2. Another role called "section role" with unlimited "Section/Assign" and unlimited
      "Section/View".

      3. Create a user group and a test user in it. Call the user "tester".

      4. Assign "basic role" to "tester".

      5. Click "Setup" -> "Roles and policies". Click on the "section role" role. Choose
      "subtree" from the dropdown and click the "Assign with limitation" button.

      6. Choose a content node and then the "tester" user when asked.

      7. Log out as admin, login as "tester".

      8. Click "Setup" -> "Sections".

      9. From here you can assign any section to any node, when in fact you should only
      be able to assign a section to the node you chose in (6).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                pa@ez.no Patrick Allaert
                Reporter:
                lars.warholm Disabled User
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: