
  • Shane 40 posts 193 karma points
    Nov 25, 2014 @ 13:06
    Shane
    0

    Node permissions not being applied correctly

    Hi,

    I'm using version 7.1.4 but I seem to have come across a bit of a security flaw.

    For a specific node I have removed all permissions for one user, nothing is ticked. When I log in with that user the node does not show in the tree but I can still access it by entering the id in the URL. After that the user is still able to save and send to publish even though they have no update permission.

    Could there be something else I have overlooked that is still granting this permission?

    Thanks
    Shane

  • Alex Skrypnyk 6131 posts 23950 karma points MVP 7x admin c-trib
    Nov 25, 2014 @ 14:33
    Alex Skrypnyk
    0

    Hi Shane,

    I saw that problem. We have the same behavior in Umbraco 7.1.8.

    Did you set up restrictions as on the screen?

    http://screencast.com/t/BlnoKTlh6KL5

    To prevent that you have to write a custom module.

    Thanks

  • Shane 40 posts 193 karma points
    Nov 25, 2014 @ 14:43
    Shane
    0

    Hi,

    Yes, that's how my permissions screen looks.

    Were you able to solve this with your custom module? Any details on what you did would be helpful!

    Thanks

  • jivan thapa 194 posts 681 karma points
    Nov 25, 2014 @ 22:20
    jivan thapa
    0

    Hi, have you tried restarting the IIS app pool/website?

  • Shane 40 posts 193 karma points
    Nov 26, 2014 @ 10:17
    Shane
    0

    Hi,

    This was running in IIS Express on Visual Studio 2013. Restarting IIS Express did cause the correct permissions to take effect. I'll leave this for now and have to test again once it's moved to the integration server.

    Thanks for the suggestion

    Shane
