Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-15116

Language translation dropdown does not check target folder user rights

    XMLWordPrintable

Details

    • Bug
    • Status: Open
    • Normal
    • Resolution: Unresolved
    • 13.4.17, 14.7.7, 15.0.1
    • None
    • None
    • Flagged
    • Orion
    • Pulsar 309 - Cycle 2-2, Pulsar 310 - Cycle 2 Cooldown, Pulsar 311 - Cycle 3-1, Pulsar 322 - Cycle 6 Cooldown, Orion.Cycle8.Sprint
    • Medium (3-5)

    Description

      In the document view, the language dropdown does not check if a user has enough rights to create translations.

      So if a user has

      • readonly rights on all content roots (e.g. by userrole xm.content.viewer)
      • editor rights on one of the content roots (e.g. by custom domain)
        then the user can still try to create documents in the readonly tree using the language dropdown.

      Reproduction
      See attached myproject14.7.7-readonly.zip with an English and a French content root, also a user that has readonly rights on English content, editor rights on French content:

      • Log in as "editor-fr" and password "/French123"
      • See in the English content that no documents can be created
      • Open French document 'Trois'
      • Use language dropdown and try to add an English translation
        See

      Expected: not possible to create an English translation
      Actual: English translation draft document is created (by root session actually), then no further actions are possible (see ) and an admin needs to delete the document

      Some code analysis
      org.hippoecm.frontend.translation.workflow.TranslationWorkflowPlugin checks TranslationWorkflow.hints for available locales and existing translations.
      org.hippoecm.repository.translation.impl.TranslationWorkflowImpl#hints adds "addTranslation" without a check on the target folders (which is hard too because the target folders may not exist yet).

      Attachments

        1. CMS-15116-A.png
          107 kB
          Jeroen Hoffman
        2. CMS-15116-B.png
          122 kB
          Jeroen Hoffman

        Activity

          People

            ekarakus Erdem Karakus
            jhoffman Jeroen Hoffman
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated: