[MAGNOLIA-4729] ACLs only for sub pages does not work like expected Created: 13/Dec/12 Updated: 28/Nov/22 Resolved: 10/Jan/13 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 4.5.4 |
| Fix Version/s: | 4.5.8 |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Frank Sommer | Assignee: | Roman Kovařík |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||||||
| Issue Links: |
|
||||||||||||||||||||
| Template: |
|
||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||
| Description |
|
If I reduce the rights of an editor to read only or deny access on sub pages, the editor can not edit the parent page. It seems that the restrictions affect all sub nodes not only sub pages. So the access on the metadata node is restricted, too. I can reproduce this on your demoauthor instance. The configured role is attached as screen-shot. The workaround with the dollar sign does not work, too. |
| Comments |
| Comment by Roman Kovařík [ 10/Jan/13 ] |
|
To avoid this issue set: <Workspace name="website">
...
<WorkspaceSecurity>
<AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider">
<param name="permissionsClass" value="info.magnolia.cms.core.NodeTypeBasedPermissions"/>
<param name="nodeTypes" value="mgnl:page"/>
</AccessControlProvider>
</WorkspaceSecurity>
</Workspace>
|