Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-26542

Create button allows user to create unallowed content

    XMLWordPrintable

    Details

      Description

      In eZ Platform Admin interface, the CREATE button in the right side bar won't consider the user permissions, showing all the existent content types and allowing the user to start the creation of new content objects of classes he should not be able to create.

      Steps to reproduce

      • Create a new Test role with the following policies
        Module Function Limitation
        user login No limitations
        content read No limitations
        content create Class( 16 ), Subtree( /1/2/112/ )
      • Create a new Test user group and assign the Test role to it.
      • Create a new usr_test user in the Test user group.
      • Log in with usr_test
      • Open anywhere outside the /1/2/112/ subtree_ and click on the create button
      • From here, if you try to save, publish or preview the draft you will fall into the EZP-26543 issue.

      First, since you don't have permissions to create anything in your location, the CREATE button should be disable just like the Move button.

      Second, clicking the CREATE button shouldn't let you to choose classes you don't have access

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              eduardo.fernandes-obsolete@ez.no Eduardo Fernandes (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: