[MGNLRES-404] Create resources-editor role that allow get from /.resources/* Created: 02/Aug/23  Updated: 10/Jan/24  Resolved: 02/Nov/23

Status: Closed
Project: Magnolia Resources Module
Component/s: None
Affects Version/s: None
Fix Version/s: 4.0.0

Type: Bug Priority: Neutral
Reporter: Robert Šiška Assignee: Quach Hao Thien
Resolution: Fixed Votes: 0
Labels: dx-core-6.3
Remaining Estimate: Not Specified
Time Spent: 6.5h
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLRES-374 Create resources-editor role that all... Closed
duplicate
is duplicated by PAGES-1465 Rendering broken in page-editor Closed
relation
is related to MGNLGQL-164 GraphQL in 6.3: Cannot access GraphQ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Release notes required:
Yes
Date of First Response:
Epic Link: Sane Default Roles & Groups
Story Points: 3
Team: DeveloperX
Work Started:
Approved:
Yes

 Description   

Steps to reproduce

Create a light-module with an HTML file: test-lm/webresources/resource.html

Try to access http://localhost:8080/magnoliaAuthor/.resources/test-lm/webresources/resource.html

Expected result

The resource is returned (after login)

Actual result

The URL always redirects to login form.

Developer notes

Only happens on 6.3 DX-Core. 6.2 and CE webapps work correctly.

See: https://docs.magnolia-cms.com/product-docs/6.2/Developing/Resources.html#_restricting_access_to_resources



 Comments   
Comment by Robert Šiška [ 12/Oct/23 ]

6.3 introduced a new structure of ACLs. Namely, admincentral-editor denies web access to "./" and no other role allows ".resources/"

 

Proposed solution after discussion with Evzen: introduce a new role "resources-editor" and assign it to publishers, editors & developers groups.

Comment by Mikaël Geljić [ 26/Oct/23 ]

The resources-editor role was already done in MGNLRES-374, but was never merged (reconciled) into master, stayed on an abandoned feature branch. Hopefully that does the trick

Generated at Mon Feb 12 06:50:19 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.