eZ Publish / Platform / EZP-27528

Multiple StateGroup limitations in one policy combine with the "or" relationship instead of the "and" one

      Description

      When using multiple StateGroup limitations in one policy they combine using the "or" relationship instead of the "and" one. This means only one of these limitations must apply in order for the policy to work. Other limitations combine using the "and" relationship. Also, quoting the documentation (https://doc.ez.no/display/DEVELOPER/Repository#Repository-Overview): "Note that Policies on one Role are connected with the and relation, not or, so when Policy has more than one Limitation, all of them have to apply".

      Steps to reproduce:

      1. Create fresh eZ Publish 5.4.10 installation.
      2. Create two object states groups with two object states each:
        • In the backoffice, go to Setup/States tab.
        • Create two object states groups there, named for example "group_one" and "group_two".
        • In "group_one" create two object states, named for example "group_one_state_one" and "group_one_state_two".
        • In "group_two" create two object states, named for example "group_two_state_one" and "group_two_state_two".
      3. Create a new Content object and change one of its Content States:
        • In the backoffice go to the "Content structure" tab.
        • Create new Article as the Subitem of the "Home" Content Object and name it "Test". Publish it.
        • For the "Test" Content Object, in the "Details" tab, change the Content States so that it has "group_one_state_one" and "group_two_state_two" Content States set, respectively.
      4. Add two limitations to the content read policy for Anonymous, where only one applies to the "Test" Content Object:
        • In the backoffice go to the User accounts/Roles and policies tab. Edit Anonymous role.
        • Edit the "content - read - Section" policy there.
        • Set "group_one_state_one" under the "StateGroup_group_one" and "group_two_state_one" under the "StateGroup_group_two". Notice that only one of these limitations will apply for the "Test" Content Object. Click "OK" and then "Save".
      5. Log out from the backoffice.
      6. Go to your frontoffice, to your-site.dev/Test. Notice that you have access despite being Anonymous. Correct behaviour: you should have been redirected to the "login" page.
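
The access decision from the steps above, as an added example: a simplified Python model, not code from eZ Publish or from the linked PR. It uses the report's group and state names; the extra sample objects are constructed, and treating several states selected within one group as alternatives is an assumption.

```python
# Simplified model of the access decision in this report; not eZ Publish kernel code.
# Assumption: several states selected within ONE group are alternatives (an
# object holds one state per group); different groups must ALL match.

# Policy from step 4: one allowed state per StateGroup limitation.
POLICY = {
    "group_one": {"group_one_state_one"},
    "group_two": {"group_two_state_one"},
}

# Constructed sample objects; "Test" mirrors step 3 of the report.
OBJECTS = {
    "Test": {"group_one": "group_one_state_one", "group_two": "group_two_state_two"},
    "both_match": {"group_one": "group_one_state_one", "group_two": "group_two_state_one"},
    "none_match": {"group_one": "group_one_state_two", "group_two": "group_two_state_two"},
    "missing_group": {"group_one": "group_one_state_one"},  # no state recorded for group_two
}


def evaluate_reported(policy, object_states):
    """Behaviour described in the report: one matching group is enough."""
    return any(object_states.get(g) in allowed for g, allowed in policy.items())


def evaluate_expected(policy, object_states):
    """Expected behaviour: every StateGroup limitation must match.

    A group missing from the object yields None, which is never in the
    allowed set, so an unknown state denies access instead of granting it.
    """
    return all(object_states.get(g) in allowed for g, allowed in policy.items())


def failing_groups(policy, object_states):
    """Groups whose limitation the object does not satisfy (for audit output)."""
    return sorted(g for g, allowed in policy.items()
                  if object_states.get(g) not in allowed)


def audit(policy, objects):
    """Objects readable under the reported logic but not under the expected one."""
    return sorted(name for name, states in objects.items()
                  if evaluate_reported(policy, states)
                  and not evaluate_expected(policy, states))


if __name__ == "__main__":
    for name in audit(POLICY, OBJECTS):
        print(name, "over-exposed; unmet:", failing_groups(POLICY, OBJECTS[name]))
```

The same set of cases (both groups match, one matches, none match) works as a regression test matrix for the Anonymous role when verifying a patched installation.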

        Activity

        Jacek Foremski (Inactive) added a comment - PR: https://github.com/ezsystems/ezpublish-kernel/pull/2035
        Andy Caiger added a comment -

        Could you provide a patch against 5.4.10 ?

        Thanks!

        Jacek Foremski (Inactive) added a comment (edited) -

        Andy Caiger Sure, as soon as it's ready.

        Eduardo Fernandes (Inactive) added a comment (edited) -

        PR: QA Tested and approved

        André Rømcke added a comment - Merged: https://github.com/ezsystems/ezpublish-kernel/commit/04471235b5755833f91c1b7f6973be79214c50bc
        Eduardo Fernandes (Inactive) added a comment -

        QA Tested and approved


          People

          • Assignee: Unassigned
          • Reporter: Jacek Foremski (Inactive)