Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-14599

XPages: +Page button visible despite 'viewer' user

    XMLWordPrintable

Details

    • Flagged
    • Orion
    • Puma Sprint 266, Puma sprint 272, Puma Sprint 273, Puma Sprint 274, Puma sprint 275

    Description

      A readonly user, with these userroles:

      • xm.cms.user - Required to login and use the CMS application
      • xm.channel.viewer - Allows viewing channels through role channel-viewer; implies xm.webfiles.reader
      • xm.content.viewer - Allows viewing content through role readonly

      can open the Experience Manager and see preview channels.

      Expected: blue +Page button is not visible/enabled

      Actual: blue +Page button is visible and enabled, user can try to create an XPage (which fails later on).

      Easily reproducible onĀ https://cms.demo.onehippo.com

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. CMS-14675 XPages: as 'viewer' user, call to getActionsAndStates returns 403 due to privilege mismatch

          • High - High priority, expected behaviour required often required for other tasks
          • Needs priority

          Activity

            People

              productteam Product Management Team
              jhoffman Jeroen Hoffman
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated: