This could also be a privacy problem because user sees pages in page tree which he has no business seeing (which might be access protected).
He can also sees
- which user is currently editing the page (see first screenshot)
I could reproduce it in a way where the user sees all pages in entire installation (even though they are not even in the DB mount in the group).
Is only reproducable
- if the user does not have any DB mounts at all
- OR has a DB mount but no permission for the pages.
This could happen by wrong page permissions or misconfiguration of BE user.
Reproduce
create user with no DB mount and set "Mount from groups" | "DB mounts" to off, assign this user to a group
add a DB mount in the group
switch to user
switch to page module (or list module)
Result
The pages which are available for the group will now be displayed in the pagetree but the user has no access to them. If he clicks on a page, exception is thrown: "You don't have access to this page".
Also: context menu | "Info" is displayed, but this results in error message: "Sorry, you didn't have proper permissions to perform this change."
Expected behaviour
- If the user does not have access to the pages, they should not be displayed in the page tree and if he has access to no pages, no pages should be displayed in page tree
- in one case, an exception is thrown, in the other (Context "Info") a modal dialog is displayed with error. I would always expect the error message, not the exception
Setupuser1:
has mostly default permissions, no DB mounts or any modifications of permissions, except:
has group group1
"Mounts and Workspaces" | ""Mount from groups" | "DB Mounts" is off
group1
has DB mount (page id 1)
has access to all modules: "Access Lists" | "Modules" : all selected
has (read) access to all tables: "Access Lists" | "Tables (listing)" : all selected
page tree (page id 1):
"everybody" has all permisions (set in "Access" module)
Versions
Reproduced with
v11 ... latest main
Updated by 
Updated by 
Updated by