-
Bug
-
Resolution: Fixed
-
Major
-
1.1
-
None
-
local as well as http://demoauthor.magnolia.info/
-
-
Empty show more show less
access-rights are incorrect
It seems that a user can modify the data repository even without having the correct permissions. However changes will not succeed.
Too many options ('New Folder', 'New Item', 'Delete all', ...) are enabled.
reproducibility:
log in as administrator
create new role 'test' and configure as following:
Config: read only (selected and sub nodes) to /modules/adminInterface/config/menu/data
Data: read only (selected and sub nodes) to /example
URL: get & post to /*
create new user 'dummy':
set only role /test
log out, log in as dummy
select in the menu 'Example' (in the only section Data)
--> I get the options 'New Folder', 'New Item', 'Delete all', 'Activate all' and 'Deactivate all'
--> at least 'New Folder', 'New Item' and 'Delete all' should not be activated, since read-only is configured
Click on 'New Item' --> the edit Window opens
enter name and comment
click on 'Save' --> the window reloads, but does not close. Also the entry is not saved.