Details
-
Bug
-
Resolution: Duplicate
-
Medium
-
4.4.0, 4.5.0alpha
-
None
Description
This is a patch that fix the issue. Added access check to
ezie/design/standard/templates/content/datatype/edit/ezimage.tpl
{* Edit button *} {if fetch( 'user', 'has_access_to', hash( 'module', 'ezie', 'function', 'all') )} <input type="button" class="button ezieEdit ezieEditButton" name="ezieEdit[{array( "ezie/prepare", $attribute.contentobject_id, $attribute.language_code, $attribute.id, $attribute.version )|implode( '/' )|ezurl( no )}]" id="ezieEdit_{$attribute.id}_{$attribute.version}_{$attribute.contentobject_id}" value="{'Edit'|i18n( 'design/standard/ezie' )}" {if $attribute_content.original.is_valid|not} disabled="disabled"{/if} /> {/if}
Steps to reproduce
Create an user that has no access to ezie.
Try to edit a content object with an image attribute
The edit-button will be visible
Attachments
Issue Links
- duplicates
-
EZP-17542 Edit template of the ezimage attribute (when eZIE activated) doesn't take care of roles and policies
- Closed