[MGNLUI-2615] AppLauncherLayout does not check ACL's Created: 21/Jan/14  Updated: 12/Aug/14  Resolved: 12/Aug/14

Status: Closed
Project: Magnolia UI
Component/s: applauncher
Affects Version/s: 5.2.1
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Tom Wespi Assignee: Mikaël Geljić
Resolution: Not an issue Votes: 0
Labels: applauncher, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Screen Shot 2014-01-21 at 20.18.53.png     PNG File Screen Shot 2014-01-21 at 20.20.11.png     PNG File Screen Shot 2014-01-21 at 20.22.32.png     PNG File Screen Shot 2014-01-22 at 04.27.14.png    
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

If you add a role which deny access to a node in the appLauncherLayout, users with this role still the app icon. Even if you deny access to the whole pages app.



 Comments   
Comment by Tom Wespi [ 22/Jan/14 ]

it doesn't work that way. you define roles for app access directly under apps. look at configuration app.

Comment by Mikaël Geljić [ 12/Aug/14 ]

Hi Tom, you're spot-on!
App permissions (availability) don't rely on ACLs, like the 4.5 menus used to.
We provide an upgrade task for this though: info.magnolia.ui.admincentral.setup.ConvertAclToAppPermissionTask

Yet, I agree permissions currently look a bit scattered; we should definitely "regroup" the permission settings in the Security app at some point.
Meanwhile, I will close this ticket if I may.

Cheers!

Generated at Mon Feb 12 08:58:27 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.