[PAGES-444] User that is disalowed to create pages can move pages Created: 18/May/21 Updated: 13/Aug/21 Resolved: 12/Aug/21 |
|
| Status: | Closed |
| Project: | Magnolia pages module |
| Component/s: | None |
| Affects Version/s: | 6.2.8 |
| Fix Version/s: | 6.2.11 |
| Type: | Bug | Priority: | Major |
| Reporter: | Daniel Schneeberger | Assignee: | Milan Divilek |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoD: |
[X]*
Doc/release notes changes? Comment present?
[X]*
Downstream builds green?
[X]*
Solution information and context easily available?
[X]*
Tests
[X]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||
| Bug DoR: |
[X]*
Steps to reproduce, expected, and actual results filled
[X]*
Affected version filled
|
||||||||
| Release notes required: |
Yes
|
||||||||
| Date of First Response: | |||||||||
| Epic Link: | UI framework implementation | ||||||||
| Sprint: | UI FW 33, UI FW 34 | ||||||||
| Story Points: | 5 | ||||||||
| Description |
Steps to reproduce
Expected resultsExpectation is that "non-superuser" user is not allowed to move a page with the template that only superuser is allowed to create. Actual results"non-superuser" can move page of type "Travel Home". Additional InputNote that this is a regression from Magnolia 5.7.x as it worked there. This bug is reproducible on "Plain Magnolia" (e.g. https://demoauthor.magnolia-cms.com/ ). The issue seems to be that info.magnolia.module.site.templates.ConfiguredSiteTemplateAvailability#isAvailable is not called when doing "Move Page" while it was called in Magnolia 5.7.x. I set Prioriy to Major as this bug is security related. WorkaroundLegacy app works as expected, it can be used instead of the new app. Development notes |
| Comments |
| Comment by Roman Kovařík [ 13/Aug/21 ] |
|
For release notes: The move page dialog actions now respect template availability constraints. |