Details
-
Bug
-
Resolution: Invalid
-
High
-
4.4.0, 4.5.0, 4.6.0, 4.7.0, 5.0, 5.1, 5.2, 5.3.1
-
None
-
eZ Publish 5.2
-
Castor Core S3
Description
Steps to reproduce:
1. Log in to admin interface, and check the policies that are defined by default for the "Member" role:
Module Function Limitation ====== ======== ========== content create Class( Forum topic ) , Section( Standard ) , ParentClass( Forum ) content create Class( Forum reply ) , Section( Standard ) , ParentClass( Forum topic ) content create Class( Comment ) , Section( Standard ) , ParentClass( Article , Blog post ) content edit Class( Comment , Forum topic , Forum reply ) , Section( Standard ) , Owner( Self ) ezjscore call No limitations notification use No limitations use password No limitations user selfedit No limitations
2. Create a new user for the existing "Member" role;
3. Log in to the frontend interface as the newly created Member user;
4. On the top-right corner, there are a few options available for that user: Tag cloud, Site map, My Profile and Logout( <user> ). Select "My Profile";
5. The user profile page displays various information (username, e-mail, name) and there are two buttons: "Edit profile" and "Change password". Click on "Edit profile";
6. The next screen allows you to edit various details of the user profile, which is correct;
7. Back on the admin interface, edit the "Member" role and remove all "content/create" and "content/edit" policies;
8. On the frontend, go to the user profile edit page (see point 6). You will get the following error:
Access denied You do not have permission to access this area. Possible reasons for this are: Your current user does not have the proper privileges to access this page. You misspelled some parts of your URL, try changing it.