Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
5.4.9, 6.2.9
-
None
Description
Some URLs does not reflect security permissions, or app behaviour.
e.g.: edit asset
- create a role restricted-dam, with read-only value to DAM /destinations
- assign that role to user eric
- login with user superuser, and reach DAM /destinations/south-central-america, open in edit mode and copy URL
- login with user eric, reach the same folder. You notice that read-only icon is shown and if you double click on the image, it won't open. Now, paste the URL and hit enter. URL is loaded and you can enter values. If you save, then an error appear (You don't have rights...)
Attached: JCR export for reproducing the issue and few screenshots
Checklists
Acceptance criteria