Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Jay Dobson 75 posts 121 karma points
    Jun 07, 2011 @ 14:32
    Jay Dobson
    0

    Permissions Not Applying For Users With Browse Node Access

    Hi Everyone,

    We're using Umbraco 4.7, and we've run into a bit of an issue.  We noticed that on our local, dev, qa and ua environments Umbraco will let users with "Browse Node" access update and send to publish.  It doesn't matter if the user is a writer or an editor.  We've also explicitely taken away and re-granted that permission to the user, making sure it's the only one on a given node.  Still, the user is able to see and update the content.

    I have no idea what information I can provide, so please ask away. 

    I hope that someone has run into this.  Oddly enough everything is working correctly on Prod.  We've done file compares and even copied our production deploy package down to our local/test environments to see if perhaps a file we'd changed was causing this.  No dice.  I'm going to try a copy of the production package database backup and go from there.

    Thanks,

    Jay

  • Jay Dobson 75 posts 121 karma points
    Jun 07, 2011 @ 16:14
    Jay Dobson
    0

    Found the issue.  I blame it on a brain fart:

    I had added code to capture the page_load event in the front-end of the content editing file (/cmsdir/umbraco/editcontent.aspx).  Everything still seemed to work correctly, but I was logging in as admin each time.  I'm guessing when you have page_load in the .aspx and page_load in the aspx.cs the compiler doesn't combine the two, but rather favors the one in the .aspx file.  This was causing the routine to check permissions not to run (I'm guessing).  Everything else still seemed to work fine.  It was loading the right content into the editor, and the user's context menus were security trimmed correctly.  They were just able to edit content.

    So, completely 100% my fault.  No Umbraco issues. :)

    Jay

Please Sign in or register to post replies

Write your reply to:

Draft