Details
-
Bug
-
Resolution: Fixed
-
Medium
-
3.3.7
-
None
Description
Users with a ContentTypeGroupLimitation that denies them editing a ezimageasset field will get AccessDenied when trying to publish the object under certain condition: the object in question was created before the imageasset field was added to the ContentType.
How to reproduce:
- Enable the following ContentTypeGroupLimitation :
ezplatform: repositories: default: fields_groups: list: [content, hidden, metadata] default: content
- Create role NotAccessToHidden with following policies:
sdsdf Content Edit Field Group: content, metadata User Login SiteAccess: admin, site Content Create None Content Publish None Content Versionread None
- Create Usergroup NotAccessToHidden and a user NotAccessToHidden1 belonging to it
- Apply role Anonymous and NotAccessToHidden to usergroup NotAccessToHidden
- Create HiddenImageAsset ContentType with only one textline field : <name>
- Create object Foobar Hidden test of ContentType HiddenImageAsset ( as admin or NotAccessToHidden1, it doesn't matter )
- Edit ContentType HiddenImageAsset, add new ImageAsset field in group hidden
- Now, as user NotAccessToHidden1, try to edit Foobar Hidden test
- Try to publish Foobar Hidden test
Actual : User receives error message The User does not have the 'edit' 'content' permission with: contentId '36562'
Expected: Content should be published
Analysis:
If you edit and object containing a ImageAsset field but do not specify value of it, the field value stored in ezcontentobject_attribute.data_text will be
{"destinationContentId":null,"alternativeText":null,"source":null}
However, if you first create a contenttype, then create objects of that contenttype and then add a ImageAsset field, the value stored in ezcontentobject_attribute.data_text for the existing objects will be :
null
This difference seems to explain why user NotAccessToHidden1 can edit and publish objects that was created after the content type was changed, but not those that were craeted before
Designs
Attachments
Issue Links
- testing discovered
-
IBX-974 ImageAssets has changed internal storage format
- Closed