[MAGNOLIA-4729] ACLs only for sub pages does not work like expected Created: 13/Dec/12  Updated: 28/Nov/22  Resolved: 10/Jan/13

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.5.4
Fix Version/s: 4.5.8

Type: Bug Priority: Neutral
Reporter: Frank Sommer Assignee: Roman Kovařík
Resolution: Fixed Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: deny_subpages.png (PNG file), read_subpages.png (PNG file)
Issue Links:
documentation
to be documented by DOCU-365 AccessControlProvider settings Closed
relation
is related to MAGNOLIA-4930 Rendering fail due to ConcurrentModif... Closed
is related to MGNLSTK-1062 Freemarker exceptions in link.ftl whe... Closed

 Description   

If I reduce the rights of an editor to read-only or deny access on sub pages, the editor cannot edit the parent page. It seems that the restrictions affect all sub nodes, not only sub pages. So the access on the metadata node is restricted, too.

I can reproduce this on your demoauthor instance. The configured role is attached as a screenshot.

The workaround with the dollar sign does not work either.



 Comments   
Comment by Roman Kovařík [ 10/Jan/13 ]

To avoid this issue set:

<Workspace name="website">
    ...
    <WorkspaceSecurity>
        <AccessControlProvider class="info.magnolia.cms.core.MagnoliaAccessProvider">
            <param name="permissionsClass" value="info.magnolia.cms.core.NodeTypeBasedPermissions"/>
            <param name="nodeTypes" value="mgnl:page"/>
        </AccessControlProvider>
    </WorkspaceSecurity>
</Workspace>
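
Added example, not part of the original issue or of Magnolia's code: a simplified model of why a deny rule on sub nodes also blocks the parent page's own metadata, and of what restricting evaluation to mgnl:page changes. Assumptions: the node tree, the two rules, longest-pattern-wins matching, and the reading that the node-type-based setting takes a non-page node's permission from its nearest mgnl:page ancestor.

```python
# Simplified model; every path, node type and rule below is constructed sample data.
NODES = {
    "/demo": "mgnl:page",
    "/demo/MetaData": "mgnl:metaData",
    "/demo/main": "mgnl:area",
    "/demo/child": "mgnl:page",
    "/demo/child/MetaData": "mgnl:metaData",
}

# Role as described in the report: write on the parent, deny on everything below it.
RULES = [("/demo", "write"), ("/demo/*", "deny")]


def matches(pattern, path):
    """'/x/*' matches any path below /x; any other pattern matches exactly."""
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-1])
    return path == pattern


def path_based(path, rules=RULES):
    """Permission of the longest matching pattern (assumed rule); deny if none."""
    hits = [(pattern, perm) for pattern, perm in rules if matches(pattern, path)]
    return max(hits, key=lambda hit: len(hit[0]))[1] if hits else "deny"


def owning_node(path, node_types, nodes=NODES):
    """Nearest ancestor-or-self whose node type is one of node_types."""
    while path:
        if nodes.get(path) in node_types:
            return path
        path = path.rsplit("/", 1)[0]
    return None


def node_type_based(path, node_types=("mgnl:page",), rules=RULES):
    """Evaluate the same rules, but against the page that owns the node."""
    owner = owning_node(path, node_types)
    return path_based(owner if owner else path, rules)


def can_edit_page(page, evaluate, nodes=NODES):
    """Editing a page needs write on the page and on its own non-page child nodes."""
    own = [p for p, t in nodes.items()
           if p == page or (p.rsplit("/", 1)[0] == page and t != "mgnl:page")]
    return all(evaluate(p) == "write" for p in own)
```
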