Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29248

Content/Remove with Node limitation allows to remove sub-items of CI

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Medium Medium
    • None
    • 2.1.1, 3.0.0-beta1, 2.5.3
    • None

    Description

      Preconditions:

      Existing CI named Products, path 'eZ Platform/Products', Products has got several sub-items

      Steps:

      1. Create new role with policies:

      • User/Login
      • User/Password
      • Content/Remove with limitation 'Node/Products'
      • Content/Read
      • Content/Versionread

      2. Create a user and assign it to the role
      3. Log in as a new user
      4. Go to eZ Platform/Products - Trash button is active on right sidebar
      5. Go to any sub-item view - Trash button is inactive
      6. Go back to eZ Platform/Products, click Trash button and confirm

      Actual result:

      CI is removed and its sub-items are removed as well. It should be forbidden, because user didn't have permissions to remove subitems. See attachment please - there is a message from eZ Publish which is shown in similar situation.

      Expected result:

      User is not allowed to remove CI with sub-items when he doesn't have rights to remove sub-items as well.

      Attachments

        1. image (1).png
          44 kB
          Barbara Grajczyk

        Activity

          People

            Unassigned Unassigned
            barbara.grajczyk@ez.no Barbara Grajczyk
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: