Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-2318

Default user privileges are not enough for user to change their own preferences

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.6.2, 3.6.3
    • 3.6.1
    • security
    • None

      Every user get by permission to access their own node children by default. Permission is assigned via ACL directly under the user account. However this permission given user right to modify children of their own node only. To modify their own account users need to have also permission to read their own account node.
      In short

      user
 - acl_users
      - 0 
         - path= /admin/userName/*
         - permission = 63

      needs to be changed to 

      user
 - acl_users
      - 0 
         - path= /admin/userName/*
         - permission = 63
      - 1 
         - path= /admin/userName
         - permission = 8

      We should perhaps also introduce update task to add this second permission to all existing users.

        Acceptance criteria

              had Jan Haderka
              had Jan Haderka
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD