Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25447

Handle content editing framework security

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Backlog
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      At the moment, the content/create route will always display the form, even to an anonymous user. If the user does not have permissions to create, the login form will be shown on submit.

      Unless there are special use-cases, the controller should only display the form if the user has permission to create.

      Note that according to feedback in EZP-25435, this would be a problem with HTTP cache with some policies (like ParentContent conditions).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              andre.romcke@ez.no André Rømcke
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: