EZP-24618 (eZ Publish / Platform)

Fatal error in eZ Flow block when the user has no rights to object states and sections

      Description

      If you try to open a landing page with an eZ Flow block, and the user doesn't have access to one of the items in the block, there will be an "UnauthorizedException" and the block won't be displayed:

      request.CRITICAL: Uncaught PHP Exception eZ\Publish\Core\Base\Exceptions\UnauthorizedException:
      "User does not have access to 'read' 'content' with: contentId '127'" at
      /var/www/001/Sites/eZ/530/vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/Repository/ContentService.php line 132
      {
      "exception":
      "[object]
      (eZ\\Publish\\Core\\Base\\Exceptions
      UnauthorizedException(code: 401):
      User does not have access to 'read' 'content' with: contentId '127'
      at /var/www/001/Sites/eZ/530/vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/Repository/ContentService.php:132)"
      }

      Steps to Reproduce

      1. Configure a new block in "ezpublish_legacy/settings/override/block.ini.append.php"
        block.ini.append.php
        [General]
        AllowedTypes[]=LatestContent6
        
        [LatestContent6]
        Name=Latest content 6 items
        NumberOfValidItems=6
        NumberOfArchivedItems=6
        ManualAddingOfItems=disabled
        FetchClass=eZFlowLatestContent
        FetchParameters[Source]=NodeID
        FetchParametersSelectionType[Source]=single
        FetchParametersIsRequired[Source]=true
        FetchParameters[Classes]=string
        FetchFixedParameters[Limit]=12
        ClassesList[]
        ClassesList[]=article
        ClassesList[]=landing_page
        ViewList[]=latest_content
        ViewName[latest_content]=Latest content
        
      2. Create a folder: "My Folder"
      3. Under "My Folder", create three articles: "Article #001", "Article #003", "Article #003"
      4. Create a new section "Section No"
      5. Edit "Article #003" and set it to be part of "Section No"
      6. Create a landing page, add a "Latest content 6 items" block, and set its source to "My Folder"
      7. Execute the eZFlow cronjob
        php ezpublish/console --env=prod ezpublish:legacy:script runcronjobs.php ezflow
        
      8. Open the landing page in the frontend as the anonymous user
      9. Confirm the exception in "cat ezpublish/logs/prod.log"

      Please note that the item should simply not be displayed.
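
To see which block items trigger this fatal error on a given installation, the UnauthorizedException entries in prod.log can be grouped by content ID. The script below is an added example, not part of the original report or of eZ Publish; it assumes Monolog's default line format, and the sample lines are constructed from the excerpt above.

```python
import re
from collections import Counter

# Message format taken from the log excerpt in the report.
DENIED = re.compile(
    r"(?P<channel>\w+)\.(?P<level>[A-Z]+): Uncaught PHP Exception "
    r"eZ\\Publish\\Core\\Base\\Exceptions\\UnauthorizedException: "
    r"\"User does not have access to '(?P<function>[^']+)' '(?P<module>[^']+)'"
    r"(?: with: (?P<target>[^\"]*))?\""
)
PAIR = re.compile(r"(\w+) '([^']*)'")  # e.g. contentId '127'

# Constructed sample lines: timestamps and the file path are made up.
SAMPLE = [
    r"""[2015-01-01 10:00:01] request.CRITICAL: Uncaught PHP Exception eZ\Publish\Core\Base\Exceptions\UnauthorizedException: "User does not have access to 'read' 'content' with: contentId '127'" at /srv/example/ContentService.php line 132 {"exception":"[object]"} []""",
    r"""[2015-01-01 10:00:02] request.INFO: Matched route "ez_urlalias" [] []""",
    r"""[2015-01-01 10:05:40] request.CRITICAL: Uncaught PHP Exception eZ\Publish\Core\Base\Exceptions\UnauthorizedException: "User does not have access to 'read' 'content' with: contentId '127'" at /srv/example/ContentService.php line 132 {"exception":"[object]"} []""",
]


def parse_denials(lines):
    """Return one record per uncaught UnauthorizedException log line."""
    records = []
    for line in lines:
        m = DENIED.search(line)
        if m is None:
            continue  # unrelated log entry
        records.append({
            "channel": m["channel"],
            "level": m["level"],
            "module": m["module"],
            "function": m["function"],
            # The "with:" part is optional; keep it as name -> value pairs.
            "target": dict(PAIR.findall(m["target"] or "")),
        })
    return records


def summarize(lines):
    """Count denials per (module, function, contentId)."""
    counts = Counter()
    for rec in parse_denials(lines):
        key = (rec["module"], rec["function"], rec["target"].get("contentId"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (module, function, content_id), n in summarize(SAMPLE).most_common():
        print(f"{n}x denied {module}/{function} on contentId {content_id}")
```
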

            Assignee:
            Unassigned
            Reporter:
            eduardo.fernandes-obsolete@ez.no Eduardo Fernandes (Inactive)