Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-27744

401 status when viewing objects with a user that has authorization to read all content

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Confirmed
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: 1.7.4, 1.11.0, 1.10.1
    • Fix Version/s: QA tracked issues
    • Labels:
    • Environment:

      Operating System: Debian 8
      PHP Version: 5.6.30-0+deb8u1
      Database and version: Mysql 5.5.54-0+deb8u1
      Browser (and version): Firefox 54
      Env: Prod

      Description

      Steps to Reproduce

      -Create one folder "Folder1"
      -Create one role with the following policies:

      Module Function Limitation
      user login No limitations
      content read No limitations
      content versionread No limitations
      content create No limitations
      content publish No limitations

      -Create one user and assign it to the previously created role
      -Logout and login using the new user credentials
      -Open your developer tools or similar tool
      -Now try to view "Folder1"

      I can view it, but I have a 401 error. The error I have in dev tools is

      errorCode	401
      errorMessage	"Unauthorized"
      errorDescription	"User does not have access to 'view' 'section'"
      

      When I look into "Details" tab, "Section Details" , the section details information is empty.

      Note1: Even if I now try to create another object (Folder2), i still have the same error when viewing it.
      Note2: This does not happen

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                paulo.nunes-obsolete@ez.no Paulo Nunes (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: