Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-30470

Assigning roles with limitations results in "Create your content" menu showing Content Types that user has no permission to create

    Details

    • Sprint:
      [3.0] - Sprint 4

      Description

      When a user has a role assigned that allows creating any Content Type and that assign has a limitation, the user can see all Content Types in "Create your content" menu (the same issue occurs in UDW).

      Steps to reproduce
      1. Clean installation of eZ Platform 2.4.2/2.5.0.
      2. Create User Group named Article creators.
      3. Create User in that group.
      4. Create a new Role called Article creator with Policies:

      Module Function Limitations
      User * None
      Content Create Content Type: Article

      5. Assign Announymous Role to the Article creators User Group.
      6. Assing Article creator Role to the Article creators User Group with Limitation: Section:Media.
      7. Log in to the back office as the user created in step 2.
      8. Go to Content structure. View Home Content in the Content Tree root.
      9. Click on Create Button on the right panel.

      Results
      All Content Types are listed in Create your content menu.

        Activity

        Show
        Andrzej Longosz added a comment - - edited PRs: https://github.com/ezsystems/ezpublish-kernel/pull/2628 https://github.com/ezsystems/ezplatform-admin-ui/pull/987
        Show
        Maciej Tyrała added a comment - merged: https://github.com/ezsystems/ezpublish-kernel/commit/d925e261f3a9b9721c25a3cf18b190430d100d6d https://github.com/ezsystems/ezplatform-admin-ui/commit/7ef70dcb741f566b342374e82157444833b69fee

          People

          • Assignee:
            Unassigned
            Reporter:
            Mateusz Bieniek
          • Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Agile