Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21586

ContentTypeService::createContentType() does not check for any permissions

    Details

    • Sprint:
      Pollux Core S4

      Description

      This allows anyone with an access to API (eg. any non-anonymous user with REST configured to use session auth) to create ContentType draft.

      UnauthorizedException should be defined and implemented when user does not have access to create content type (class/create).

        Activity

        Gunnstein Lye logged work - 15/Jan/15 10:15 AM
        • Time Spent:
          1 hour
           

          .

        Gunnstein Lye logged work - 16/Jan/15 11:30 AM
        • Time Spent:
          5 hours, 30 minutes
           
          <No comment>
        Gunnstein Lye logged work - 19/Jan/15 9:40 AM
        • Time Spent:
          50 minutes
           
          <No comment>
        Gunnstein Lye logged work - 19/Jan/15 10:10 AM
        • Time Spent:
          30 minutes
           

          .

          People

          • Assignee:
            Unassigned
            Reporter:
            Petar Spanja (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 7 hours, 50 minutes
              7h 50m

                Agile