[MGNLSTK-1419] Wrong new user roles assigned Created: 22/Jul/14  Updated: 21/Aug/14  Resolved: 20/Aug/14

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: 2.8.2
Fix Version/s: 2.8.3

Type: Bug Priority: Critical
Reporter: Matteo Pelucco Assignee: Evzen Fochr
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 10m
Time Spent: Not Specified
Original Estimate: 10m
Environment:

demopublic.magnolia-cms.com


Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

When you register, after double opt-in, you succesfully log in, but you are not able to see protected pages.

To replicate:
1) go to http://demopublic.magnolia-cms.com
2) register (http://demopublic.magnolia-cms.com/demo-project/members-area/registration.html)
3) click email link to activate your user
4) login

HERE you see the issue: you stay logged in (your name is prompted by PUR login form component, with LOGOUT button) but page "Protected" is not accessible.

The problem seems to be the roles assigned to the new user: anonymous + public-user-registration-base

  • role "anonymous" should be removed, since it contains a DENY rule (the one managed by security callback..)
  • role "public-user-registration-base" is already included in group "demo-project-members", so it is redundant.

In my tests removing both the roles fixed the login procedure.
M.



 Comments   
Comment by Evzen Fochr [ 20/Aug/14 ]

Core of problem is that role demo-project-member don't override deny access in anonymous for "<demo-project>/members-area/protected*". This rule for web access needs to be added and than is done in stk module.

Generated at Mon Feb 12 07:36:23 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.