[MAGNOLIA-2318] Default user privileges are not enough for user to change their own preferences Created: 12/Aug/08 Updated: 23/Jan/13 Resolved: 13/Aug/08 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 3.6.1 |
| Fix Version/s: | 3.6.2, 3.6.3 |
| Type: | Bug | Priority: | Major |
| Reporter: | Jan Haderka | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Template: |
|
||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||||||
| Description |
|
Every user get by permission to access their own node children by default. Permission is assigned via ACL directly under the user account. However this permission given user right to modify children of their own node only. To modify their own account users need to have also permission to read their own account node. user
- acl_users
- 0
- path= /admin/userName/*
- permission = 63
needs to be changed to user
- acl_users
- 0
- path= /admin/userName/*
- permission = 63
- 1
- path= /admin/userName
- permission = 8
We should perhaps also introduce update task to add this second permission to all existing users. |
| Comments |
| Comment by Jan Haderka [ 13/Aug/08 ] |
|
r17321, r17317, r17313 |