  1. eZ Publish / Platform
  2. EZP-26970

User logged in even if user does not have right to login to this SA

    Details

      Description

      Steps to reproduce:

      1. Login to the admin interface;
      2. Create a new user group called "Test";
      3. Create a new Role, also called "Test", with these policies:

      content|read|Section( Standard )
      content|read|Class( File , Image , Banner , Video ) , Section( Media )
      

      4. Assign the "Test" role to the "Test" user group;
      5. Create a new user called "John Smith", with username "jsmith", under the "Test" user group;
      6. Go to a frontend siteaccess (http://example.com/eng) and try to log in as the new user. You will be re-directed to http://example.com/eng/login_check, and a suitable error message will be displayed:

      Oops! An Error Occurred
      The server returned a "403 Forbidden".
      Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.
      

      Note: on "dev" environment, the error message is more informative:

      User 'jsmith' doesn't have user/login permission to SiteAccess 'eng'
      403 Forbidden - AccessDeniedHttpException
      1 linked Exception: UnauthorizedSiteAccessException »
      

      Up to this point, this is the expected behavior.

      7. Then, remove the /login_check from the URL, and you will get the same error instead of displaying the homepage, as would be expected.

            People

            Assignee:
            Unassigned
            Reporter:
            nuno.oliveira-obsolete@ez.no Nuno Oliveira (Inactive)