Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25280

ParentDepth Limitation fails on content creation

    XMLWordPrintable

    Details

      Description

      Steps to reproduce:

      Prepare environment:

      1. On "Users", create User Group "TestGroup";
      2. Inside "TestGroup", create user:

      username: test
      password: publish
      

      3. On "Roles", create role "Role", and enter it by clicking its link;
      4. Add policies:

      Module  |  Function     |  Limitation
      user      |  login          | No limitations
      content |  read          | No limitations
      content | versionread  | No limitations
      content |  create    | ParentDepth ( 3 )
      

      5. Assign the role "Role" to usergroup "TestGroup";
      6. On default landing page content "eZ Platform", create a folder content "FolderRoot" (will have depth=3);

      Test "ParentDepth" limitation:

      1. Logout as "admin" and login as "test" (you may need to reload the app after login to display the username on admin correctly);
      2. Open Firebug or similar dev tools and go to Network tab or wherever you can check HTTP Requests and Responses;
      3. On default landing page content "eZ Platform", try to create another content and publish it. You should not be able to, and you should see a notification:
      An error occurred while publishing the draft
      and dev tools Network tab shows permission "POST 401" error "User does not have access to (...)";
      4. Inside "FolderRoot", try to create another content (folder, for instance), and publish it. You should be able to (since you're trying to create under the parent depth you specified exactly, but instead, you'll still get (the same error):

      PUBLISH 401 Unauthorized
      
      - Params:
      {"ContentCreate":{"ContentType":{"_href":"/api/ezp/v2/content/types/1"},"mainLanguageCode":"eng-GB","LocationCreate":{"ParentLocation":{"_href":"/api/ezp/v2/content/locations/1/2"},"sortField":"PATH","sortOrder":"ASC"},"Section":null,"alwaysAvailable":true,"remoteId":null,"modificationDate":"2015-12-14T16:25:21.645Z","fields":{"field":[{"fieldDefinitionIdentifier":"name","fieldValue":"Meh"},{"fieldDefinitionIdentifier":"short_name","fieldValue":""},{"fieldDefinitionIdentifier":"short_description","fieldValue":{"xml":"<section xmlns=\"http://ez.no/namespaces/ezpublish5/xhtml5/edit\"/>"}},{"fieldDefinitionIdentifier":"description","fieldValue":{"xml":"<section xmlns=\"http://ez.no/namespaces/ezpublish5/xhtml5/edit\"/>"}}]}}}
      
      - Response:
      ErrorMessage:Object
          _media-type:"application/vnd.ez.api.ErrorMessage+json"
      	errorCode:401
      	errorMessage:"Unauthorized"
      	errorDescription:"User does not have access to 'create' 'content' with: parentLocationId '2', sectionId '1'"
      

      which is the same that would happen exactly if you'd try to publish under a depth which would otherwise be not permitted.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              rui.silva-obsolete@ez.no Rui Silva (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: