Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-21586

ContentTypeService::createContentType() does not check for any permissions

    Details

    • Sprint:
      Pollux Core S4

      Description

      This allows anyone with an access to API (eg. any non-anonymous user with REST configured to use session auth) to create ContentType draft.

      UnauthorizedException should be defined and implemented when user does not have access to create content type (class/create).

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Confirmed Confirmed
        480d 21h 28m 1 André Rømcke 12/Jan/15 11:36 AM
        Confirmed Confirmed Backlog Backlog
        3s 1 André Rømcke 12/Jan/15 11:36 AM
        Backlog Backlog InputQ InputQ
        5s 1 André Rømcke 12/Jan/15 11:36 AM
        InputQ InputQ Development Development
        3d 6h 14m 1 Gunnstein Lye 15/Jan/15 5:51 PM
        Development Development Development Review Development Review
        23h 7m 1 Gunnstein Lye 16/Jan/15 4:58 PM
        Development Review Development Review Development Review done Development Review done
        2d 18h 40m 1 Gunnstein Lye 19/Jan/15 11:39 AM
        Development Review done Development Review done Documentation Review done Documentation Review done
        2h 11m 1 Gunnstein Lye 19/Jan/15 1:50 PM
        Documentation Review done Documentation Review done QA QA
        1d 20h 4m 1 ricardo.correia@ez.no 21/Jan/15 9:55 AM
        QA QA Closed Closed
        15d 6h 24m 1 ricardo.correia@ez.no 05/Feb/15 4:19 PM

          People

          • Assignee:
            Unassigned
            Reporter:
            Petar Spanja (Inactive)
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0 minutes
              0m
              Logged:
              Time Spent - 7 hours, 50 minutes
              7h 50m

                Agile