EZP-30978: fix issue when location limitation is used on content/edit policy #2780
Conversation
erdnaxelaweb
force-pushed
the
fix-location-limitation-type
branch
from
25d8785
to
3b85a78
Compare
erdnaxelaweb
force-pushed
the
fix-location-limitation-type
branch
from
3b85a78
to
e2530cf
Compare
|
Thx @mikadamczyk |
There was a problem hiding this comment.
Please add an integration test for the use case so we can all understand what is the setup which causes this issue. It can be created either in \eZ\Publish\API\Repository\Tests\PermissionResolverTest or in \eZ\Publish\API\Repository\Tests\Values\User\Limitation\LocationLimitationTest.
Moreover the solution needs to be changed so it applies to all Limitations (in a generic way), not just Location:
| @@ -131,12 +134,16 @@ public function evaluate(APILimitationValue $value, APIUserReference $currentUse | |||
| ); | |||
| } | |||
|
|
|||
| $targets = array_filter($targets, function ($target) { | |||
| return !$target instanceof Version; | |||
There was a problem hiding this comment.
The actual bug exists in the implementation of \eZ\Publish\Core\Repository\Permission\PermissionResolver::lookupLimitations.
An instance of Target should be passed to TargetAwareType Limitation type only, which canUser takes into the account. The lookupLimitation method needs to behave the same way. // cc @mikadamczyk
While this fix works for LocationLimitation, there might be similar issues
Ref:
\eZ\Publish\SPI\Limitation\TargetAwareType,\eZ\Publish\SPI\Limitation\Target.
|
Closing PR as obsolete. eZ Platform 2.5 has reached EOM, so please reopen PR in ezsystems/ezplatform-kernel (bug fixes) or ibexa/core (features/improvements) if issue is still valid for v3.3 / v4.x and you are willing to work on it. |
7.xhttps://jira.ez.no/browse/EZP-30978
TODO:
$ composer fix-cs).