[MGNLADMLEG-9] Non-superuser is able to run legacy apps Created: 17/May/13 Updated: 24/Jun/13 Resolved: 24/Jun/13 |
|
| Status: | Closed |
| Project: | Admininterface Legacy 4.x (closed) |
| Component/s: | None |
| Affects Version/s: | 5.0 |
| Fix Version/s: | 5.0 |
| Type: | Bug | Priority: | Major |
| Reporter: | Jozef Chocholacek | Assignee: | Federico Grilli |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
A normal (non-superuser) user sees the app icons in Tools/Dev groups and is even able to run some of them. E.g. see logs, config info, flush caches, ... |
| Comments |
| Comment by Jozef Chocholacek [ 13/Jun/13 ] |
|
"Fixed" somehow in RC1 - login form jumps out in the iframe, you can log in as superuser, but it breaks the current session. |
| Comment by Federico Grilli [ 24/Jun/13 ] |
|
This seems to have been fixed for good. App visibility looks correct according to a user's permissions. Even trying to get directly to the old adminInterface by typing the URL directly in the browser, i.e. http://author/.magnolia/pages/somepage.html, as an unauthorised user won't make it accessible. |