Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29494

Content/Remove with Owner limitation allows to remove sub-items of CI with different author

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: High High
    • None
    • 2.3.2, 2.4.0
    • None

    Description

      Steps:

      1. Create new role with policies:

      • User/Login
      • Content/Remove with limitation 'Owner/Self'
      • Content/Create
      • Content/Publish
      • Content/Read
      • Content/Versionread

      2. Create a user and assign it to the role
      3. Log in as a new user
      4. Create an Article (name: article1)
      5. Log out and log in as admin
      6. Go to article1 and create its child (name: article2)
      7. Log out and log in as a user from step 2
      8. Go to the article1 and click Send to Trash

      Actual result:

      article1 is removed and its child - article2 is removed as well.

      Expected result:

      It should be forbidden, because user didn't have permissions to remove CI with different owner

      Attachments

        Activity

          People

            Unassigned Unassigned
            barbara.grajczyk@ez.no Barbara Grajczyk
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: