eZ Publish / Platform / EZP-23132

"user/selfedit" policy requires at least one "content/create" or one "content/edit" policy

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Invalid
    • Affects Version/s: 4.4.0, 4.5.0, 4.6.0, 4.7.0, 5.0, 5.1, 5.2, 5.3.1
    • Fix Version/s: Customer request
    • Labels:
      None
    • Environment:

      eZ Publish 5.2

    • Sprint:
      Castor Core S3

      Description

      Steps to reproduce:

      1. Log in to admin interface, and check the policies that are defined by default for the "Member" role:

      Module		Function	Limitation
      ======		========	==========
      content		create		Class( Forum topic ) , Section( Standard ) , ParentClass( Forum )
      content		create		Class( Forum reply ) , Section( Standard ) , ParentClass( Forum topic )
      content		create		Class( Comment ) , Section( Standard ) , ParentClass( Article , Blog post )
      content		edit		Class( Comment , Forum topic , Forum reply ) , Section( Standard ) , Owner( Self )
      ezjscore	call		No limitations
      notification	use		No limitations
      user		password	No limitations
      user		selfedit	No limitations
      

      2. Create a new user for the existing "Member" role;
      3. Log in to the frontend interface as the newly created Member user;
      4. On the top-right corner, there are a few options available for that user: Tag cloud, Site map, My Profile and Logout( <user> ). Select "My Profile";
      5. The user profile page displays various information (username, e-mail, name) and there are two buttons: "Edit profile" and "Change password". Click on "Edit profile";
      6. The next screen allows you to edit various details of the user profile, which is correct;
      7. Back on the admin interface, edit the "Member" role and remove all "content/create" and "content/edit" policies;
      8. On the frontend, go to the user profile edit page (see point 6). You will get the following error:

      Access denied
      You do not have permission to access this area.
       
      Possible reasons for this are:
       
      Your current user does not have the proper privileges to access this page.
      You misspelled some parts of your URL, try changing it.
      

          Activity

          Gunnstein Lye added a comment -

          Attached hack that solves the problem, but is not exactly elegant. Not sure this is the way to go.

          Gunnstein Lye added a comment -

          Pull request with a performance optimised version of the attached hack: https://github.com/ezsystems/ezpublish-legacy/pull/1031

          Gunnstein Lye added a comment -

          Closing as invalid, since the original reporter's claim that:
          "with "content/edit/userclass/own" policy, a user won't be allowed to selfedit if the account is created by an administrator."
          is not correct. This policy grants access for a user to selfedit even if the account is created by someone else.


            People

            • Assignee:
              Unassigned
              Reporter:
              Nuno Oliveira (Inactive)

                Time Tracking

                Estimated: 2d
                Remaining: 1d 5h
                Logged: 1d 4h
