-
Bug
-
Resolution: Fixed
-
Neutral
-
6.2.2, 6.2.3
-
None
-
-
Empty show more show less
-
Maintenance 29
If you give a user read-only to / and read-write to /travel then that user cannot delete components in the travel site because the action needs to set the page editor status.
Recreate issue
- In the Security app, edit the role travel-demo-editor.
- Set the ACLs for website:
- Log out.
- Log back in as user eric.
- Attempt to delete component from the travel site.
- Observe the error. delete-error.txt
Expected
The user should be able delete a component with this ACL configuration. It's a logical configuration for system admins. The fact the delete action needs to modify the root node should be handled another way. Perhaps in system context or with a reorder of operations.
Workaround
Use read-write on / and use deny on the sites you want to disallow.
Acceptance criteria