Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29019

Content / Manage locations limitations are not respected

    XMLWordPrintable

    Details

      Description

      The customer observed error with "Content / Manage locations" policy. Editors are able to remove content which wasn't created by them or are in the wrong state even though the mentioned policy is under following limitations:

      Owner: Self
      State: Lock: Locked

      Steps to reproduce:
      1. Create a new role and add the policies which are presented on attached screenshots.
      2. Add the following limitations to "Content / Manage locations" policy : State: Lock: Locked, Owner: Self
      3. Assign created role to a new user
      4. Note that this user can still delete objects with the state "not_locked" and objects that aren't created by this user.

      Expected behavior: button 'Send to Trash' should be disabled.

      It seems that $canDelete should be also taken into account when \EzSystems\EzPlatformAdminUi\Menu\ContentRightSidebarBuilder::ITEM__SEND_TO_TRASH is builded. Source code: https://github.com/ezsystems/ezplatform-admin-ui/blob/v1.0.2.2/src/lib/Menu/ContentRightSidebarBuilder.php#L186

        Attachments

        1. policies_1.png
          policies_1.png
          64 kB
        2. policies_2.png
          policies_2.png
          67 kB
        3. policies_3.png
          policies_3.png
          25 kB

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              konrad.oboza@ez.no Konrad Oboza
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: