Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29248

Content/Remove with Node limitation allows to remove sub-items of CI

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Obsolete
    • Affects Version/s: 2.1.1, 3.0.0-beta1, 2.5.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Preconditions:

      Existing CI named Products, path 'eZ Platform/Products', Products has got several sub-items

      Steps:

      1. Create new role with policies:

      • User/Login
      • User/Password
      • Content/Remove with limitation 'Node/Products'
      • Content/Read
      • Content/Versionread

      2. Create a user and assign it to the role
      3. Log in as a new user
      4. Go to eZ Platform/Products - Trash button is active on right sidebar
      5. Go to any sub-item view - Trash button is inactive
      6. Go back to eZ Platform/Products, click Trash button and confirm

      Actual result:

      CI is removed and its sub-items are removed as well. It should be forbidden, because user didn't have permissions to remove subitems. See attachment please - there is a message from eZ Publish which is shown in similar situation.

      Expected result:

      User is not allowed to remove CI with sub-items when he doesn't have rights to remove sub-items as well.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              barbara.grajczyk@ez.no Barbara Grajczyk
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: