Uploaded image for project: 'Magnolia Diff Module'
  1. Magnolia Diff Module
  2. MGNLDIFF-146

Revise permissions to diff with modular privilege pattern

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 3.0.0
    • None

    Description

      6.3 introduces a new modular privilege pattern with new roles & default groups.

      The admincentral-editor role in particular denies everything starting with /.*, instead of leaving it implicitly allowed. That includes /.magnolia/versionDiff, pointing to the diff servlet.

      See https://git.magnolia-cms.com/projects/PLATFORM/repos/ui/browse/magnolia-admincentral/src/main/resources/mgnl-bootstrap/admincentral/userroles.admincentral-editor.yaml?at=76c9ea475a18856e458c60e7b390331597b54fda#14

      Possible workaround (not a fix)

      1. Edit https://localhost:8080/.magnolia/admincentral#app:security:roles;/superuser:treeview:
      2. Go to the “Web Access” tab.
      3. Add Get & Post to /.magnolia/versionDiff*

      See also:

      Checklists

        Acceptance criteria

        Attachments

          1. can't start instance.png
            can't start instance.png
            375 kB
          2. error-in-screen.png
            error-in-screen.png
            405 kB
          3. magnolia-debug.log
            294 kB
          4. magnolia-error.log
            8 kB
          5. magnolia-error-0.log
            848 kB

          Issue Links

            Activity

              People

                rdhar Rishab Dhar
                miguel.martinez Miguel Martinez
                DeveloperX
                Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Work Started:

                  Checklists

                    Bug DoR
                    Task DoD