Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21586

ContentTypeService::createContentType() does not check for any permissions

    Details

    • Sprint:
      Pollux Core S4

      Description

      This allows anyone with an access to API (eg. any non-anonymous user with REST configured to use session auth) to create ContentType draft.

      UnauthorizedException should be defined and implemented when user does not have access to create content type (class/create).

        Activity

        Petar Spanja (Inactive) created issue -
        Petar Spanja (Inactive) made changes -
        Field Original Value New Value
        Labels api ezpublish5 services api ezpublish5 permissions services
        Component/s Permissions [ 10306 ]
        André Rømcke made changes -
        Status Open [ 1 ] Confirmed [ 10037 ]
        André Rømcke made changes -
        Status Confirmed [ 10037 ] Backlog [ 10000 ]
        André Rømcke made changes -
        Status Backlog [ 10000 ] InputQ [ 10001 ]
        André Rømcke made changes -
        Sprint Pollux Core S4 [ 54 ]
        André Rømcke made changes -
        Rank Ranked higher
        Gunnstein Lye logged work - 15/Jan/15 10:15 AM
        • Time Spent:
          1 hour
           

          .

        Gunnstein Lye made changes -
        Assignee Gunnstein Lye [ gunnstein.lye@ez.no ]
        Gunnstein Lye made changes -
        Remaining Estimate 0 minutes [ 0 ]
        Time Spent 1 hour [ 3600 ]
        Worklog Id 52617 [ 52617 ]
        Gunnstein Lye made changes -
        Status InputQ [ 10001 ] Development [ 3 ]
        Gunnstein Lye logged work - 16/Jan/15 11:30 AM
        • Time Spent:
          5 hours, 30 minutes
           
          <No comment>
        Show
        Gunnstein Lye added a comment - PR: https://github.com/ezsystems/ezpublish-kernel/pull/1142
        Gunnstein Lye made changes -
        Time Spent 1 hour [ 3600 ] 6 hours, 30 minutes [ 23400 ]
        Worklog Id 52641 [ 52641 ]
        Gunnstein Lye made changes -
        Status Development [ 3 ] Development review [ 10006 ]
        Gunnstein Lye logged work - 19/Jan/15 9:40 AM
        • Time Spent:
          50 minutes
           
          <No comment>
        Gunnstein Lye logged work - 19/Jan/15 10:10 AM
        • Time Spent:
          30 minutes
           

          .

        Gunnstein Lye made changes -
        Time Spent 6 hours, 30 minutes [ 23400 ] 7 hours [ 25200 ]
        Worklog Id 52674 [ 52674 ]
        Gunnstein Lye made changes -
        Status Development review [ 10006 ] Development Review done [ 10028 ]
        Show
        Gunnstein Lye added a comment - Fixed in master: https://github.com/ezsystems/ezpublish-kernel/commit/7569cb81fa274c6509a6f2586f1d0c753630a44b
        Gunnstein Lye made changes -
        Affects Version/s 5.4.1 [ 13886 ]
        Affects Version/s 5.3.4 [ 13879 ]
        Affects Version/s 5.2 [ 12582 ]
        Gunnstein Lye made changes -
        Fix Version/s 5.0 Maintenance [ 11287 ]
        Fix Version/s 5.1 Maintenance [ 12301 ]
        Fix Version/s 5.2 Maintenance [ 12782 ]
        Fix Version/s 5.3.5 [ 13889 ]
        Fix Version/s 5.4.2 [ 13979 ]
        Gunnstein Lye made changes -
        Time Spent 7 hours [ 25200 ] 7 hours, 50 minutes [ 28200 ]
        Worklog Id 52676 [ 52676 ]
        Gunnstein Lye made changes -
        Status Development Review done [ 10028 ] Documentation done [ 10011 ]
        Ricardo Correia (Inactive) made changes -
        Status Documentation done [ 10011 ] QA [ 10008 ]
        Assignee Gunnstein Lye [ gunnstein.lye@ez.no ] Ricardo Correia [ ricardo.correia@ez.no ]
        Gunnstein Lye made changes -
        Fix Version/s 2015.01 [ 13680 ]
        Hide
        Ricardo Correia (Inactive) added a comment -

        QA Approved.

        Show
        Ricardo Correia (Inactive) added a comment - QA Approved.
        Ricardo Correia (Inactive) made changes -
        Assignee Ricardo Correia [ ricardo.correia@ez.no ]
        Status QA [ 10008 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]
        André Rømcke made changes -
        Workflow eZ Engineering Scrumban Workflow [ 59028 ] EZ* Development Workflow [ 84252 ]
        Alex Schuster made changes -
        Workflow EZ* Development Workflow [ 84252 ] EZEE Development Workflow [ 122898 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Confirmed Confirmed
        480d 21h 28m 1 André Rømcke 12/Jan/15 11:36 AM
        Confirmed Confirmed Backlog Backlog
        3s 1 André Rømcke 12/Jan/15 11:36 AM
        Backlog Backlog InputQ InputQ
        5s 1 André Rømcke 12/Jan/15 11:36 AM
        InputQ InputQ Development Development
        3d 6h 14m 1 Gunnstein Lye 15/Jan/15 5:51 PM
        Development Development Development Review Development Review
        23h 7m 1 Gunnstein Lye 16/Jan/15 4:58 PM
        Development Review Development Review Development Review done Development Review done
        2d 18h 40m 1 Gunnstein Lye 19/Jan/15 11:39 AM
        Development Review done Development Review done Documentation Review done Documentation Review done
        2h 11m 1 Gunnstein Lye 19/Jan/15 1:50 PM
        Documentation Review done Documentation Review done QA QA
        1d 20h 4m 1 ricardo.correia@ez.no 21/Jan/15 9:55 AM
        QA QA Closed Closed
        15d 6h 24m 1 ricardo.correia@ez.no 05/Feb/15 4:19 PM

          People

          • Assignee:
            Unassigned
            Reporter:
            Petar Spanja (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 7 hours, 50 minutes
              7h 50m

                Agile