Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-2316

ACLs assigned directly to user are not used at runtime.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.6.2, 3.6.3
    • 3.6.1
    • security
    • None

    Description

      the ACls set directly on the user node are not added to the permission lists on login at the moment, which means they are never used during runtime. It can be easily tested by removing acl_roles children from any user ... after doing so user can still login without any problems even tho in theory (s)he has no longer rights to even read his/her own node data.
      Another case that exposes this issue in fix for MAGNOLIA-574 - when user edit dialog is enabled directly without user having rights to access their node via role or group rights the given user will not be able to edit his/her preferences even tho they have such preferences assigned directly to their account.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                had Jan Haderka
                had Jan Haderka
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD