Uploaded image for project: 'Magnolia Workflow Module'
  1. Magnolia Workflow Module
  2. MGNLWORKFLOW-179

Any user can launch a workflow regardless of their permissions

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 5.2.1
    • 5.2
    • Base

    Description

      As long as a workflow action is available in the UI, there's no security check regarding the grants owned by the current user.
      The basic rule should be "user has Read+Write grants on the workflow workspace AND has at least Read grant on the node they're trying to publish.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            is causing

            Bug - A problem which impairs or prevents the functions of the product. MGNLUI-2510 UI shouldn't enable actions for which the user has no permissions

            • Critical - Crashes, loss of data, severe memory leak.
            • Closed
            is related to

            Bug - A problem which impairs or prevents the functions of the product. MGNLWORKFLOW-178 Workflow roles do not grant access to workflow workspace

            • Critical - Crashes, loss of data, severe memory leak.
            • Closed

            Activity

              People

                fgrilli Federico Grilli
                fgrilli Federico Grilli
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD