  1. Magnolia
  2. MAGNOLIA-6842

Ability to open read-only content in edit mode misleads users


Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • None
    • 5.4.9, 6.2.9
    • None

    Description

      Some URLs do not reflect security permissions or app behaviour.

      e.g.: edit asset

      1. create a role restricted-dam, with read-only value to DAM /destinations
      2. assign that role to user eric
      3. log in with user superuser, reach DAM /destinations/south-central-america, open in edit mode and copy the URL
      4. log in with user eric, reach the same folder. You notice that the read-only icon is shown and if you double-click on the image, it won't open. Now, paste the URL and hit enter. The URL is loaded and you can enter values. If you save, then an error appears (You don't have rights...)

      Attached: JCR export for reproducing the issue and a few screenshots

        Attachments

          1. SUPPORT-6779_1.png (30 kB)
          2. SUPPORT-6779_2.png (68 kB)
          3. userroles.restricted-dam.xml (6 kB)
          4. users.admin.eric.xml (16 kB)

            People

              Unassigned Unassigned
              matteo.pelucco Matteo Pelucco
              Nucleus