Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21586

ContentTypeService::createContentType() does not check for any permissions

    XMLWordPrintable

Details

    • Pollux Core S4

    Description

      This allows anyone with an access to API (eg. any non-anonymous user with REST configured to use session auth) to create ContentType draft.

      UnauthorizedException should be defined and implemented when user does not have access to create content type (class/create).

      Attachments

        Activity

          People

            Unassigned Unassigned
            petar.spanja-obsolete@ez.no Petar Spanja (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 7 hours, 50 minutes
                7h 50m