Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25280

ParentDepth Limitation fails on content creation

    XMLWordPrintable

Details

    Description

      Steps to reproduce:

      Prepare environment:

      1. On "Users", create User Group "TestGroup";
      2. Inside "TestGroup", create user:

      username: test
password: publish

      3. On "Roles", create role "Role", and enter it by clicking its link;
      4. Add policies:

      Module  |  Function     |  Limitation
user      |  login          | No limitations
content |  read          | No limitations
content | versionread  | No limitations
content |  create    | ParentDepth ( 3 )

      5. Assign the role "Role" to usergroup "TestGroup";
      6. On default landing page content "eZ Platform", create a folder content "FolderRoot" (will have depth=3);

      Test "ParentDepth" limitation:

      1. Logout as "admin" and login as "test" (you may need to reload the app after login to display the username on admin correctly);
      2. Open Firebug or similar dev tools and go to Network tab or wherever you can check HTTP Requests and Responses;
      3. On default landing page content "eZ Platform", try to create another content and publish it. You should not be able to, and you should see a notification:
      An error occurred while publishing the draft
      and dev tools Network tab shows permission "POST 401" error "User does not have access to (...)";
      4. Inside "FolderRoot", try to create another content (folder, for instance), and publish it. You should be able to (since you're trying to create under the parent depth you specified exactly, but instead, you'll still get (the same error):

      PUBLISH 401 Unauthorized

      - Params:
{"ContentCreate":{"ContentType":{"_href":"/api/ezp/v2/content/types/1"},"mainLanguageCode":"eng-GB","LocationCreate":{"ParentLocation":{"_href":"/api/ezp/v2/content/locations/1/2"},"sortField":"PATH","sortOrder":"ASC"},"Section":null,"alwaysAvailable":true,"remoteId":null,"modificationDate":"2015-12-14T16:25:21.645Z","fields":{"field":[{"fieldDefinitionIdentifier":"name","fieldValue":"Meh"},{"fieldDefinitionIdentifier":"short_name","fieldValue":""},{"fieldDefinitionIdentifier":"short_description","fieldValue":{"xml":"<section xmlns=\"http://ez.no/namespaces/ezpublish5/xhtml5/edit\"/>"}},{"fieldDefinitionIdentifier":"description","fieldValue":{"xml":"<section xmlns=\"http://ez.no/namespaces/ezpublish5/xhtml5/edit\"/>"}}]}}}

      - Response:
ErrorMessage:Object
    _media-type:"application/vnd.ez.api.ErrorMessage+json"
	errorCode:401
	errorMessage:"Unauthorized"
	errorDescription:"User does not have access to 'create' 'content' with: parentLocationId '2', sectionId '1'"

      which is the same that would happen exactly if you'd try to publish under a depth which would otherwise be not permitted.

      Attachments

        Activity

          People

            Unassigned Unassigned
            rui.silva-obsolete@ez.no Rui Silva (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: