Details
-
Bug
-
Resolution: Duplicate
-
High
-
None
-
5.2, 5.3.4, 5.4.1
-
None
Description
There are no policies used to restrict viewing/listing of Content Types and Content Types Groups.
One should be added, and assigned by default (in demo data / clean dump) to the users who need it.
We must pay attention not to break anything when content types are fetched in Controllers or other anonymous runtime code.
Attachments
Issue Links
- duplicates
-
EZP-23877 As a User I expect that REST API use permissions to view ContentType(Group)
- Backlog