Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-28615

Cannot check content/create permission with ContentCreateStruct without target location

    Details

      Description

      Whenever user has a role with subtree limitation and you don't pass $targets into `canUser` (for example: you are checking if user can create a content in language, you don't care about location yet).

      My code:

      $contentCreateStruct = new ContentCreateStruct(['mainLanguageCode' => $language->languageCode]);
      $this->permissionResolver->canUser('content', 'create', $contentCreateStruct);
      

      My use case is that I want to restrict language list for creating new content but I don't necessarily have Location to check with.

      Type error: Argument 2 passed to eZ\Publish\Core\Limitation\SubtreeLimitationType::evaluateForContentCreateStruct() must be of the type array, null given, called in /Users/maciejkobus/Projects/ezplatform-ee/vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/Limitation/SubtreeLimitationType.php on line 128 [in vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/Limitation/SubtreeLimitationType.php:178]
      

      This is caused because:
      1. PermissionResolver:canUser is overriding $targets to null if it's empty
      2. SubtreeLimitation::evaluateForContentCreateStruct is expecting an array but it's getting null.

      The comment in SubtreeLimitation::evaluateForContentCreateStruct reads

              // If targets is empty/null return false as user does not have access
              // to content w/o location with this limitation
              if (empty($targets)) {
                  return false;
              }
      


      However it never reaches that point. It would be an expected behavior in my case.

        Issue Links

          Activity

          Hide
          Andrzej Longosz added a comment - - edited
          Show
          Andrzej Longosz added a comment - - edited PR: https://github.com/ezsystems/ezpublish-kernel/pull/2204 merged into 6.7@ec31646 and up
          Hide
          Andrzej Longosz added a comment -

          Not sure if there's a way to do QA/acceptance test for this as related issue no longer relies on code causing the bug AFAIK
          // cc Marek Nocoń, Michał Szołtysek

          Show
          Andrzej Longosz added a comment - Not sure if there's a way to do QA/acceptance test for this as related issue no longer relies on code causing the bug AFAIK // cc Marek Nocoń , Michał Szołtysek

            People

            • Assignee:
              Unassigned
              Reporter:
              Maciej Kobus
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: