Status Quo
I created a user able to log in by adding him to the User group
and removed permissions for that site.
User can then open the publish dialog and select resources to publish, even if he is not allowed to see them.
Clicking on publish closes the dialog with message "", but permissions are checked, it did not get published, and errors are logged:
... Caused by: org.opencms.security.CmsPermissionViolationException: Denied access to resource "/sites/group/.content/linkaccordion/", required permissions are "+r".
    at org.opencms.db.CmsSecurityManager.checkPermissions(CmsSecurityManager.java:6967)
    at org.opencms.db.CmsSecurityManager.checkPermissions(CmsSecurityManager.java:6938)
    at org.opencms.db.CmsSecurityManager.readResource(CmsSecurityManager.java:7338)
    at org.opencms.db.CmsSecurityManager.readResource(CmsSecurityManager.java:4932)
Expected behaviour
User can't see the resources he has no access to in the publish dialog.
tobias-karrer changed the title from "User can see and select resources in publish dialog even if he is not allow to publish (OpenCms 10.0.1)" to "User can see, select and (trigger) publish resources in publish dialog even if he is not allow to see them (OpenCms 10.0.1)" on Jan 7, 2021