Details
-
Bug
-
Resolution: Not an issue
-
Neutral
-
None
-
None
-
None
-
None
Description
Steps to reproduce
- Setup SPA Demo locally
- n the selected front-end light module, edit the page template definition and add role restrictions for the superuser to the headline component in the main area, as described here:
https://docs.magnolia-cms.com/product-docs/6.2/Developing/Templating/Template-availability.html#_restricting_component_availability_in_an_area_templateareas: main: title: Main Area availableComponents: Headline: id: spa-lm:components/headline roles: - superuser
- Login as superuser in the admincentral
- Go to the pages app, create a page with the edited page template
- Try to add the headline component, but it is not there
Expected results
Superuser can add the headline component.
Actual results
Superuser cannot add the headline component because the template annontations endpoint is called by the SPA as an anonymous user.
Workaround
N/A
Development notes
Customer findings:
The role restrictions are checked here: info.magnolia.templating.elements.attribute.AvailableComponents#resolveAvailableComponents
There I noticed that the user is not the same as the one logged into Admincentral, but the one the spa uses to invoke the template anontation endpoint, the anonymous user.{quote}
Checklists
Acceptance criteria
Attachments
Issue Links
- to be documented by
-
DOCU-2611 Restricting component availability in an area template via roles
-
- Closed
-