Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-32044

Subrequest rendering method does not use the same permissions as main request

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 3.2.0-rc1
    • Fix Version/s: 3.2.0
    • Component/s: None
    • Labels:

      Description

      When the ez_render Twig helper with subrequest rendering strategy is used the subrequest is performed as anonymous user, making it unable to display Content/Locations requiring authentication.

      Steps to reproduce:
      1. Place the template subrequest.html.twig in templates/themes/standard/blocks
      2. Create a default_layouts.yaml file in config/packages with content:

      ezplatform_page_fieldtype:
          blocks:
              contentlist:
                  views:
                      esi:
                          template: '@ezdesign/blocks/subrequest.html.twig'
                          name: 'Subrequest rendering'
      

      3. Login as admin
      4. Start creating a new Landing Page
      5. Add ContentList block and open block configuration
      6. In the second tab select "Subrequest rendering" view.
      7. In the first tab select "Users/Administrator Users/ as parent, 5 as limit and User as Content Type
      8. Submit block configuration

      Expected:
      Block is rendered and Administrator User is displayed

      Actual:
      Block content is not rendered, exception happens under the hood:

      An exception has been thrown during the rendering of a template ("The User does not have the 'read' 'content' permission with: contentId '14'").
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            marek.nocon@ez.no Marek Nocoń
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: