|
If you were logged in you would be able to see more operations.
|
|
|
|
During authorization process, BetaCMS web console examines the provided authorization list in respect to logged in user's assigned roles.
If reserved keywords ALL or NONE are found in the list then role matching does not take place. Problem is that only the first value of the authorization list
is checked for ALL or NONE value, when any entry of the list should be checked.
The truth is that authorization list should contain either ALL or NONE or one or more user ids or roles. From that perspective current check is correct : only the first value of the authorization list is checked. Nevertheless, it may be the case that users are importing content using BetaCMS API and not web console and they may provide authorization lists which do not follow the above pattern.
|
|
Description
|
During authorization process, BetaCMS web console examines the provided authorization list in respect to logged in user's assigned roles.
If reserved keywords ALL or NONE are found in the list then role matching does not take place. Problem is that only the first value of the authorization list
is checked for ALL or NONE value, when any entry of the list should be checked.
The truth is that authorization list should contain either ALL or NONE or one or more user ids or roles. From that perspective current check is correct : only the first value of the authorization list is checked. Nevertheless, it may be the case that users are importing content using BetaCMS API and not web console and they may provide authorization lists which do not follow the above pattern.
|
Show » |
|
Bug
Closed
Minor
BetaCMS Web Console authorization process expects to find values ALL or NONE only at the first value of authorization list