Details
- Story
- Resolution: Won't Fix
- High
Description
`ContentEditController::createWithoutDraftAction()`, added in EZP-25100, does not check if the user has permission to create this content type in that location / language.
Given that the HTTP cache is per role, it can be checked without impacting HTTP caching.
Issue Links
- relates to: EZP-25447 Handle content editing framework security (Backlog)