Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25540

As a Editor I want to be able to edit other peoples content

    XMLWordPrintable

    Details

      Description

      While 16.02 allows this as of EZP-25522 and with fixes to Release notes to tell Platform users how to configure roles to get it to work, some remaining issues remains:

      Design issue

      All backend editors needs access to user objects of other authors in order for author fields to not crash the editing.

      Bug

      Author field should have fallback to not break down (we should check this for all fields that load other content btw)

      Security Improvement

      Either we

      • A. need to strip out passwordHash and passwordHashType from REST response on User data (BC break, but as it is security it can be acceptable)
      • B. we need to have a slimmed down REST endpoint for loading user(s).
      • C. We accelerate FieldGroups (EZP-24119) work (making it native and making it possible to limit access rights on it)

      B. and C. might be considered most secure for customers that plan to put sensitive data on user object fields..

      Default Editor rights

      Platform currently has very crude role for editors, it just gives all "content" rights with no limitations. Given only tool we have to enforce good content architecture is content rights, this should be updated based on what is in Studio as soon as the design issue is solved.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              andre.romcke@ez.no André Rømcke
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: