![]() |
|
|
|
|
|
|
Change By:
|
Mikaël Geljic
(07/Mar/14 8:38 AM)
|
|
Description:
|
This ticket originally helped us uncover security issues in core (see issue links, first comments), but the UI should also adjust itself correctly to denote correct user permissions, by disabling
or hiding
unauthorized actions, and maintaining proper state according to such permissions.
A new
For 5.2.x, AvailabilityDefinition should gain a
*
voter-based AvailabilityRule
#writePermissionRequired
*
class should
flag.
For 5.3+, we will have multiple/configurable AvailabilityRules (will
be
implemented under maintenance
captured by another issue)
.
More details in linked concept page 'Permissions for UI availability'.
-- ORIGINAL DESCRIPTION --
I changed the permission of the editors in a subtree to read only.
The following issues occurred if I'm logged in as a editor:
- Sometimes it renders a page without the components (fine) but I still can edit the page properties
- I can exclude channels (page title I can't change)
- I can add a page (just not selecting a template)
- Some pages do not render (stay grey)
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <
[email protected]>
----------------------------------------------------------------
Updated description following architecture review of Availability for 5.2.x and 5.3. In the end voters are out of the picture.