Permissions Not Applying For Users With Browse Node Access
Hi Everyone,
We're using Umbraco 4.7, and we've run into a bit of an issue. We noticed that on our local, dev, qa and ua environments Umbraco will let users with "Browse Node" access update and send to publish. It doesn't matter if the user is a writer or an editor. We've also explicitely taken away and re-granted that permission to the user, making sure it's the only one on a given node. Still, the user is able to see and update the content.
I have no idea what information I can provide, so please ask away.
I hope that someone has run into this. Oddly enough everything is working correctly on Prod. We've done file compares and even copied our production deploy package down to our local/test environments to see if perhaps a file we'd changed was causing this. No dice. I'm going to try a copy of the production package database backup and go from there.
I had added code to capture the page_load event in the front-end of the content editing file (/cmsdir/umbraco/editcontent.aspx). Everything still seemed to work correctly, but I was logging in as admin each time. I'm guessing when you have page_load in the .aspx and page_load in the aspx.cs the compiler doesn't combine the two, but rather favors the one in the .aspx file. This was causing the routine to check permissions not to run (I'm guessing). Everything else still seemed to work fine. It was loading the right content into the editor, and the user's context menus were security trimmed correctly. They were just able to edit content.
So, completely 100% my fault. No Umbraco issues. :)
Permissions Not Applying For Users With Browse Node Access
Hi Everyone,
We're using Umbraco 4.7, and we've run into a bit of an issue. We noticed that on our local, dev, qa and ua environments Umbraco will let users with "Browse Node" access update and send to publish. It doesn't matter if the user is a writer or an editor. We've also explicitely taken away and re-granted that permission to the user, making sure it's the only one on a given node. Still, the user is able to see and update the content.
I have no idea what information I can provide, so please ask away.
I hope that someone has run into this. Oddly enough everything is working correctly on Prod. We've done file compares and even copied our production deploy package down to our local/test environments to see if perhaps a file we'd changed was causing this. No dice. I'm going to try a copy of the production package database backup and go from there.
Thanks,
Jay
Found the issue. I blame it on a brain fart:
I had added code to capture the page_load event in the front-end of the content editing file (/cmsdir/umbraco/editcontent.aspx). Everything still seemed to work correctly, but I was logging in as admin each time. I'm guessing when you have page_load in the .aspx and page_load in the aspx.cs the compiler doesn't combine the two, but rather favors the one in the .aspx file. This was causing the routine to check permissions not to run (I'm guessing). Everything else still seemed to work fine. It was loading the right content into the editor, and the user's context menus were security trimmed correctly. They were just able to edit content.
So, completely 100% my fault. No Umbraco issues. :)
Jay
is working on a reply...