• Type: Bug
• Resolution: Fixed
• Priority: Major
• Fix Version/s: 3.7.4, 3.8
• Affects Version/s: None
• Component/s: None
• Labels:

  None

[CMS-7197] Wrong access checking on a filtered contents service with private contents

Collapse comment: Laurence Aumeunier added a comment - 20/Apr/16 17:28

Laurence Aumeunier added a comment - 20/Apr/16 17:28

I have the following page access configuration :

• Page A (restricted to any connected users)
  • Page A1 (user1 excluded)
  • Page A2 (no specific restriction)

The page A contains a filtered contents service sur "page access" limitation.

When I access to page A with user1 on FO, I can see the contents of page A1 and page A2.
If I click on content of page A1, I have a AccessDeniedException
The content of page A1 should not appear on page A.

Expand comment: Laurence Aumeunier added a comment - 20/Apr/16 17:28

Laurence Aumeunier added a comment - 20/Apr/16 17:28 I have the following page access configuration : Page A (restricted to any connected users) Page A1 (user1 excluded) Page A2 (no specific restriction) The page A contains a filtered contents service sur "page access" limitation. When I access to page A with user1 on FO, I can see the contents of page A1 and page A2. If I click on content of page A1, I have a AccessDeniedException The content of page A1 should not appear on page A.

Collapse comment: Laurence Aumeunier added a comment - 19/Apr/16 10:39

Laurence Aumeunier added a comment - 19/Apr/16 10:39

Furthermore, the excluded users/groups are not take into account

Expand comment: Laurence Aumeunier added a comment - 19/Apr/16 10:39

Laurence Aumeunier added a comment - 19/Apr/16 10:39 Furthermore, the excluded users/groups are not take into account