Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-22028

Anonymous role in demo site package contains content/view_embed policy that is too wide

    Details

      Description

      Package ref: http://packages.ez.no/ezpublish/5.2/5.2.0/ezdemo_site.ezpkg
      Added in https://github.com/ezsystems/ezdemo/commit/b76ba26a84f5be7fed8d4689d331a916f70ac6b4

      Anonymous user having content/view_embed without limitations will cause embedding of content that it can not read. This includes relation links as well.

      The policy should probably be amended to mirror content/read policy.

        Issue Links

          Activity

          Show
          Yannick Roger (Inactive) added a comment - PR: https://github.com/ezsystems/ezdemo/pull/23
          Show
          Yannick Roger (Inactive) added a comment - Fixed in master: https://github.com/ezsystems/ezdemo/commit/9dfba49717779fe4609e76c723579dd11778ec66
          Hide
          Pedro Resende (Inactive) added a comment -

          Tested and approved by Q.A.

          Show
          Pedro Resende (Inactive) added a comment - Tested and approved by Q.A.

            People

            • Assignee:
              Unassigned
              Reporter:
              Petar Spanja (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days, 50 minutes
                2d 50m