[CMS-6951] Backport CMS7 6744 to 7.7 - channel unlock is only available if user is in group with _name_ "admin" - Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: 2.22.13
Fix Version/s: 2.22.15
Component/s: None
Labels:
- 781

Description

The current implementation only shows the channel unlock button if the user is in the group with the exact name "admin". Expected behavior is that the check should be whether the user has the "hippo:admin" privilege

Observation by Nour:
In line 473 (https://source.onehippo.com/browse/public/hippo-cms7/addons/addon-channel-manager/trunk/frontend/src/main/java/org/onehippo/cms7/channelmanager/templatecomposer/PageEditor.java?r=37177&r=37177#to473)
A query is made [1] to check hard coded if the user is in namely in the admin group or not

[1] SELECT * FROM hipposys:group WHERE jcr:primaryType='hipposys:group' AND fn:name() = 'admin' AND hipposys:members='{}'
the '{}' is replaced by the logged in username

NOTE: Look at unlocking documents as a reference/example

Attachments

Activity

People

Assignee:: Junaidh Kadhar Sheriff

Reporter:: Junaidh Kadhar Sheriff

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Feb/13 1:11 PM

Updated:: 04/Mar/13 5:44 PM

Resolved:: 01/Mar/13 4:57 PM