Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25789

Editors access to own user and read all user meta info for author field type

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Backlog
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Current policies setup does not allow users from Editors user group to edit content. User does not have access to REST endpoint http://ezs.dev/api/ezp/v2/user/users/14 - 401 (Unauthorized)

      There is two issues:

      • new user menu in platform needs to load "self" to display your user name
      • author field type loads assigned user to display name (and probably also email)

      However editor does not always have access to this, and in legacy you did not have to as this was just fetched in templates and did not go over API which checks permissions.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lukasz.serwatka@ez.no Ɓukasz Serwatka
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated: