Details
-
Bug
-
Status: Open
-
Normal
-
Resolution: Unresolved
-
13.4.17, 14.7.7, 15.0.1
-
None
-
None
-
Flagged
-
Orion
-
Pulsar 309 - Cycle 2-2, Pulsar 310 - Cycle 2 Cooldown, Pulsar 311 - Cycle 3-1, Pulsar 322 - Cycle 6 Cooldown, Orion.Cycle8.Sprint
-
Medium (3-5)
Description
In the document view, the language dropdown does not check if a user has enough rights to create translations.
So if a user has
- readonly rights on all content roots (e.g. by userrole xm.content.viewer)
- editor rights on one of the content roots (e.g. by custom domain)
then the user can still try to create documents in the readonly tree using the language dropdown.
Reproduction
See attached myproject14.7.7-readonly.zip
with an English and a French content root, also a user that has readonly rights on English content, editor rights on French content:
- Log in as "editor-fr" and password "/French123"
- See in the English content that no documents can be created
- Open French document 'Trois'
- Use language dropdown and try to add an English translation
See
Expected: not possible to create an English translation
Actual: English translation draft document is created (by root session actually), then no further actions are possible (see 
) and an admin needs to delete the document
Some code analysis
org.hippoecm.frontend.translation.workflow.TranslationWorkflowPlugin checks TranslationWorkflow.hints for available locales and existing translations.
org.hippoecm.repository.translation.impl.TranslationWorkflowImpl#hints adds "addTranslation" without a check on the target folders (which is hard too because the target folders may not exist yet).
