Uploaded image for project: 'Magnolia Frontend Helpers'
  1. Magnolia Frontend Helpers
  2. MGNLFE-369

Restricting component availability in an area template via Roles not working in SPA enviroment

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not an issue
    • Neutral
    • None
    • None
    • None
    • None

    Description

      Steps to reproduce

      1. Setup SPA Demo locally
      2. n the selected front-end light module, edit the page template definition and add role restrictions for the superuser to the headline component in the main area, as described here:
        https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Template-availability.html#_restricting_component_availability_in_an_area_template 
        areas:
          main:
            title: Main Area
            availableComponents:
              Headline:
                id: spa-lm:components/headline
                roles:
                  - superuser 
      1. Login as superuser in the admincentral
      2. Go to the pages app, create a page with the edited page template
      3. Try to add the headline component, but it is not there

      Expected results

      Superuser can add the headline component.

      Actual results

      Superuser cannot add the headline component because the template annontations endpoint is called by the SPA as an anonymous user.

      Workaround

      N/A

      Development notes

      Customer findings: 

      The role restrictions are checked here: info.magnolia.templating.elements.attribute.AvailableComponents#resolveAvailableComponents 

      There I noticed that the user is not the same as the one logged into Admincentral, but the one the spa uses to invoke the template anontation endpoint, the anonymous user.{quote}

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                canh.nguyen Canh Nguyen
                ccantalapiedra Carlos Cantalapiedra
                Alexander Hems, Fabian Bading, Martin Schmid, Marvin Boie, Wojciech Rydzewski
                DeveloperX
                Votes:
                3 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD