Details
- Bug
- Resolution: Fixed
- High
- None
- None
Description
When you're logged in as a non-administrator user and ask for a variation of your profile image (AJAX call to e.g. /api/ezp/v2/content/binary/images/102-491/variations/platformui_profileview), you get an Unauthorized 401 error, e.g.:
{
  "ErrorMessage": {
    "_media-type": "application\/vnd.ez.api.ErrorMessage+json",
    "errorCode": 401,
    "errorMessage": "Unauthorized",
    "errorDescription": "User does not have access to 'read' 'content' with: contentId '102'",
    "trace": "#0 \/usr\/local\/var\/www\/ezs.dev\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/Repository\/ContentService.php(230): eZ\\Publish\\Core\\Repository\\ContentService->loadContentInfo(102)\n#1 \/usr\/local\/var\/www\/ezs.dev\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/Repository\/ContentService.php(211): eZ\\Publish\\Core\\Repository\\ContentService->loadVersionInfoById(102, NULL)\n#2 \/usr\/local\/var\/www\/ezs.dev\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/SignalSlot\/ContentService.php(120): eZ\\Publish\\Core\\Repository\\ContentService->loadVersionInfo(Object(eZ\\Publish\\API\\Repository\\Values\\Content\\ContentInfo), NULL)\n#3 \/usr\/local\/var\/www\/ezs.dev\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/REST\/Server\/Controller\/BinaryContent.php(73): eZ\\Publish\\Core\\SignalSlot\\ContentService->loadVersionInfo(Object(eZ\\Publish\\API\\Repository\\Values\\Content\\ContentInfo))\n#4 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\BinaryContent->getImageVariation('102-491', 'platformui_prof...')\n#5 \/usr\/local\/var\/www\/ezs.dev\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(139): call_user_func_array(Array, Array)\n#6 \/usr\/local\/var\/www\/ezs.dev\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php(62): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#7 \/usr\/local\/var\/www\/ezs.dev\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/DependencyInjection\/ContainerAwareHttpKernel.php(69): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#8 \/usr\/local\/var\/www\/ezs.dev\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/Kernel.php(184): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#9 \/usr\/local\/var\/www\/ezs.dev\/web\/app.php(66): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#10 {main}",
    "file": "\/usr\/local\/var\/www\/ezs.dev\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/Repository\/ContentService.php",
    "line": 138
  }
}
BinaryContent::getImageVariation() uses the loadContent() and loadVersionInfo() methods, which check the user's permission to read content. This fails for common users (like editors or members), because being able to read User content type objects is permission-restricted to administrator(-like) users.
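As an added example (not part of the original report or the eZ code base): a small Python triage helper that reads an ErrorMessage body like the one above and reports which policy was refused, for which content, and which REST controller action triggered the check. The sample body is constructed from the response above with a shortened trace and a placeholder install path; the name `triage` and the reading of the two quoted tokens as function then module are assumptions.

```python
import json
import re

# Constructed sample: same ErrorMessage shape as the response in the report,
# trace shortened to four frames, install path replaced with /srv/app.
K = "/srv/app/vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core"
SAMPLE = json.dumps({"ErrorMessage": {
    "_media-type": "application/vnd.ez.api.ErrorMessage+json",
    "errorCode": 401,
    "errorMessage": "Unauthorized",
    "errorDescription": "User does not have access to 'read' 'content' with: contentId '102'",
    "trace": "\n".join([
        "#0 " + K + "/Repository/ContentService.php(230): eZ\\Publish\\Core\\Repository\\ContentService->loadContentInfo(102)",
        "#1 " + K + "/REST/Server/Controller/BinaryContent.php(73): eZ\\Publish\\Core\\SignalSlot\\ContentService->loadVersionInfo(Object(eZ\\Publish\\API\\Repository\\Values\\Content\\ContentInfo))",
        "#2 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\BinaryContent->getImageVariation('102-491', 'platformui_prof...')",
        "#3 {main}",
    ]),
}})

# Assumption: the first quoted token is the policy function, the second the module.
DENIED = re.compile(r"User does not have access to '([^']+)' '([^']+)'(?: with: (.+))?")
# One frame: "#N file(line): Class->method(" or "#N [internal function]: Class->method(".
FRAME = re.compile(r"^#\d+ (?:.+?\(\d+\)|\[internal function\]): ([\w\\]+(?:->|::)\w+)\(", re.M)

def triage(body):
    """Summarise which policy was refused and which REST action asked for it."""
    err = json.loads(body)["ErrorMessage"]
    m = DENIED.search(err.get("errorDescription", ""))
    calls = FRAME.findall(err.get("trace", ""))
    return {
        "status": err.get("errorCode"),
        "policy": f"{m.group(2)}/{m.group(1)}" if m else None,
        "target": dict(re.findall(r"(\w+) '([^']*)'", m.group(3) or "")) if m else None,
        # Innermost frame: the repository call that performed the permission check.
        "check": calls[0] if calls else None,
        # First REST controller frame: the endpoint action that triggered it.
        "endpoint": next((c for c in calls if "\\REST\\Server\\Controller\\" in c), None),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Grouping such summaries by `endpoint` and `policy` shows at a glance which REST actions depend on a read permission that ordinary roles do not hold.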
Issue Links
- is duplicated by
  - EZEE-567 Users in Editors group cannot edit existing content items (Closed)
- relates to
  - EZP-24753 Only possible to login to platformUI with an Admin user (Closed)
  - EZP-25446 Add the user profile in the navigation hub (Closed)
  - EZP-25540 As a Editor I want to be able to edit other peoples content (Backlog)