Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: Customer request, 1.7.9, 1.13.5, 2.2.4, 2.3.3, 2.5.0-beta1, 2.4.3
Affects Version/s: 2.2.2
Component/s: Platform UI (Admin UI & Content UI)
Labels:
None

Description

The user can send content to trash with all its subitems even when he does not have permission to delete one or more of said object subitems.

Steps to reproduce
1. Create a new Role named "Test".
2. Add all standard Policies to it and set Content/Remove Limitations to Owner: Self, State: Lock:Locked.
3. Create a new User "test", assign "Test" Role to him.
4. Log in to backend as "test" user.
5. Create a new Folder named "Folder 1".
6. In the previously created Folder create new Folder named "Folder 2".
7. As "admin" user set "Folder 1" state to Locked:Locked and "Folder 2" to Locked:Not locked.
8. As "test" user delete "Folder 1".

Result
"Folder 1" will be sent to trash with "Folder 2" with it.

Expected result
Sending "Folder 1" to trash won't be allowed unless the user will have permissions to delete it subtree items too - like in Legacy.

Attachments

Issue Links

relates to

EZP-29019 Content / Manage locations limitations are not respected

Closed

EZP-29087 Sending to trash should rely on content/remove policy

Closed

EZP-29493 Content/Remove with Content Type limitation allows to remove sub-items of CI with different CT

Closed

EZP-29248 Content/Remove with Node limitation allows to remove sub-items of CI

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Mateusz Bieniek

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 20/Aug/18 1:11 PM

Updated:: 27/Feb/19 4:01 PM

Resolved:: 27/Feb/19 4:01 PM