Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-2318

Default user privileges are not enough for user to change their own preferences

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.6.2, 3.6.3
    • 3.6.1
    • security
    • None

    Description

      Every user get by permission to access their own node children by default. Permission is assigned via ACL directly under the user account. However this permission given user right to modify children of their own node only. To modify their own account users need to have also permission to read their own account node.
      In short

      user
       - acl_users
            - 0 
               - path= /admin/userName/*
               - permission = 63
      

      needs to be changed to

      user
       - acl_users
            - 0 
               - path= /admin/userName/*
               - permission = 63
            - 1 
               - path= /admin/userName
               - permission = 8
      

      We should perhaps also introduce update task to add this second permission to all existing users.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                had Jan Haderka
                had Jan Haderka
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD