Bug: non-admin users w/ privs can seemingly move pages to the top of the hierarchy
Reported by dleffler | December 16th, 2011 @ 01:59 AM | in 2.0.7 (closed)
Two (2) issues:
- In the menu hierarchy a non-admin user with 'manage' privilidges can seemingly move the page to the top of the menu hierarchy, but it's not saved (and shouldn't be). But probably shouldn't be a drag/drop target.
- In the page edit form, a non-admin user can select 'top of hierarchy' and place the page at the top. In most cases this will also move it out of the permission inheritance so that can't undo it if it was a mistake. Likely the drop-down should only be displayed for admins?
Comments and changes to this ticket
-
dleffler December 16th, 2011 @ 02:30 AM
Also
- users without page 'manage' priviledges shouldn't see the 'add', 'edit', or 'delete'/(move to standalone) menu items on that page in the tree/hierarchy.
-
expNinja December 16th, 2011 @ 03:21 AM
(from [5fae39f66cd9494ee9910c52a6823fa4d1eadcf1]) Fixes some permissions issues with the page hierarchy menus/screens. The drop-down of available pages to select is now based on page 'manage' permissions, the internal/external menu links were switched, removed 'move_standalone' menu item/screen section for non-admin users [#434] https://github.com/exponentcms/exponent-cms/commit/5fae39f66cd9494e...
-
dleffler December 16th, 2011 @ 03:36 AM
- Milestone set to “2.0.4”
- Assigned user set to “expNinja”
- Milestone order changed from “128” to “0”
Second issue has been fixed by last push.
-
dleffler December 16th, 2011 @ 12:12 PM
- Title changed from “Bug: non-admin users w/ privs can move pages to the top of the hierarchy” to “Bug: non-admin users w/ privs can seemingly move pages to the top of the hierarchy”
-
dleffler January 27th, 2012 @ 08:12 PM
- Milestone changed from “2.0.4” to “2.0.5”
- Milestone order changed from “1” to “0”
-
dleffler February 25th, 2012 @ 02:12 AM
- Milestone changed from “2.0.5” to “2.0.6”
- Milestone order changed from “4” to “0”
-
-
expNinja April 23rd, 2012 @ 01:51 PM
- State changed from “new” to “resolved”
- Assigned user changed from “expNinja” to “dleffler”
(from [6ecea3c238ad981c592b094bb06c7e085dedebd8]) Fixes drag/drop (false) indication that standard user could move page to top of hierarchy [#434 responsible:dleffler state:resolved] https://github.com/exponentcms/exponent-cms/commit/6ecea3c238ad981c...
-
dleffler April 26th, 2012 @ 07:31 PM
- Milestone set to “2.0.7”
- Milestone order changed from “3” to “0”
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Bug Tracker for Exponent CMS
dleffler
expNinja