Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25435

Add permission check on /content/create

    XMLWordPrintable

Details

    • Icon: Story Story
    • Resolution: Won't Fix
    • Icon: High High
    • None
    • None
    • None
    • None

    Description

      `ContentEditController::createWithoutDraftAction()`, added in EZP-25100, does not check if the user has permission to create this content type in that location / language.

      Given that HTTP cache is per role, it can be checked without impacting HTTP caching.

      Attachments

        Activity

          People

            Unassigned Unassigned
            bertrand.dunogier@ibexa.co Bertrand Dunogier
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: