Details
-
Bug
-
Resolution: Fixed
-
High
-
5.0, 5.1, 5.2-alpha1, 5.2, 5.3.4, 5.4.1
-
Pollux Core S4
Description
This allows anyone with an access to API (eg. any non-anonymous user with REST configured to use session auth) to create ContentType draft.
UnauthorizedException should be defined and implemented when user does not have access to create content type (class/create).