Bug #37267
protected content nodes are rendered
| Status: | Resolved | Start date: | 2012-05-17 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assignee: | Christian Mueller | % Done: | 0% |
|
| Category: | Frontend | |||
| Target version: | - | |||
| Votes: | 2 (View) |
Description
Nodes that are restricted to a role (accessRoles) are currently displayed even if the logged in user does not belong to the respective role.
Example:
1 <node identifier="" type="TYPO3.TYPO3:Text" nodeName="someProtectedNode" locale=""> 2 <accessRoles> 3 <role>Administrator</role> 4 </accessRoles> 5 <properties> 6 <headline>Some headline</headline> 7 <text><![CDATA[ 8 <p>This should only be visible to Administrators.</p> 9 ]]></text> 10 </properties> 11 </node>
The text is displayed even if the logged in user is not in the role "Administrator"
Associated revisions
[BUGFIX] Protected nodes can never be accessed
Due to a code fix in TYPO3CR a bug with fetching of access
protected nodes was uncovered that lead to non accessibility.
The problem was in Routing and PropertyMapping the
SecurityContext is not yet setup so roles are not available.
This change allows all nodes to be fetched from the TYPO3CR
during those early stages. So access protection must be checked
later (already implemented in the NodeController).
Related: #37267
Change-Id: If4e6bcaff73b136abf7435c19c49d31de73629dc
History
Updated by Christian Mueller about 1 year ago
- Status changed from New to Accepted
- Assignee set to Christian Mueller
Updated by Aske Ertmann about 1 year ago
- Status changed from Accepted to Resolved