Uploaded image for project: 'Ibexa IBX'
  1. Ibexa IBX
  2. IBX-972

ImageAsset and ContentTypeGroupLimition doesn't work for already created content

    XMLWordPrintable

Details

    Description

      Users with a ContentTypeGroupLimitation that denies them editing a ezimageasset field will get AccessDenied when trying to publish the object under certain condition: the object in question was created before the imageasset field was added to the ContentType.

      How to reproduce:

      1. Enable the following ContentTypeGroupLimitation : 
        ezplatform:
    repositories:
        default:
            fields_groups:
                list: [content, hidden, metadata]
                default: content
      2. Create role NotAccessToHidden with following policies: 
            sdsdf
	Content 	Edit 	    Field Group: content, metadata 
	User 	Login 	    SiteAccess: admin, site 
	Content 	Create 	None 	
	Content 	Publish 	None 	
	Content 	Versionread 	None
      3. Create Usergroup NotAccessToHidden and a user NotAccessToHidden1 belonging to it
      4. Apply role Anonymous and NotAccessToHidden to usergroup NotAccessToHidden
      5. Create HiddenImageAsset ContentType with only one textline field : <name>
      6. Create object Foobar Hidden test of ContentType HiddenImageAsset ( as admin or NotAccessToHidden1, it doesn't matter )
      7. Edit ContentType HiddenImageAsset, add new ImageAsset field in group hidden
      8. Now, as user NotAccessToHidden1, try to edit Foobar Hidden test
      9. Try to publish Foobar Hidden test

      Actual : User receives error message The User does not have the 'edit' 'content' permission with: contentId '36562'
      Expected: Content should be published

      Analysis:
      If you edit and object containing a ImageAsset field but do not specify value of it, the field value stored in ezcontentobject_attribute.data_text will be 

      {"destinationContentId":null,"alternativeText":null,"source":null}

      However, if you first create a contenttype, then create objects of that contenttype and then add a ImageAsset field, the value stored in ezcontentobject_attribute.data_text for the existing objects will be :

      null

      This difference seems to explain why user NotAccessToHidden1 can edit and publish objects that was created after the content type was changed, but not those that were craeted before

      Designs

        Attachments

          Activity

            People

              Unassigned Unassigned
              vidar.langseid@ibexa.co Vidar Langseid
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: