protected content nodes are rendered
|Priority:||Must have||Due date:|
|Assignee:||Christian Mueller||% Done:||
Nodes that are restricted to a role (
accessRoles) are currently displayed even if the logged in user does not belong to the respective role.
1 <node identifier="" type="TYPO3.TYPO3:Text" nodeName="someProtectedNode" locale=""> 2 <accessRoles> 3 <role>Administrator</role> 4 </accessRoles> 5 <properties> 6 <headline>Some headline</headline> 7 <text><![CDATA[ 8 <p>This should only be visible to Administrators.</p> 9 ]]></text> 10 </properties> 11 </node>
The text is displayed even if the logged in user is not in the role "Administrator"
[BUGFIX] Protected nodes can never be accessed
Due to a code fix in TYPO3CR a bug with fetching of access
protected nodes was uncovered that lead to non accessibility.
The problem was in Routing and PropertyMapping the
SecurityContext is not yet setup so roles are not available.
This change allows all nodes to be fetched from the TYPO3CR
during those early stages. So access protection must be checked
later (already implemented in the NodeController).
Updated by Christian Mueller about 1 year ago
- Status changed from New to Accepted
- Assignee set to Christian Mueller