version 4.2.0.2 security problem for user roles

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
2/8/2014 4:45:56 AM
IDI
Gravatar
Total Posts 26
View Posts

version 4.2.0.2 security problem for user roles

Hi Joe,

I am now upgading to version 4.2.0.2. all sites under my administration, running fulltrust sql2012 aspnet4

I have a security problem:

  • I defined a new role as xx_edit
  • I put one user to this role
  • I set in security permission in a shared file module (but also in a html module) that the role has modify permission
  • Loggin in with this user let him now see not only the "pencil" to modify content, but even the "key" to modify settings (but fortunatly not the secuity one)

Before (until 3.9.9.8) the user could only see the "pencil", and this worked fine !!!

Can you notice it ?

best regards,

Michele from Rome

 

2/8/2014 5:41:28 AM
IDI
Gravatar
Total Posts 26
View Posts

Re: version 4.2.0.2 security problem for user roles

sory Joe,

it has the same behaviour as 3.9.9.9...so no a problem

but can you still help me to figure out haw to manage that a group of users can only edit (modify) where their gruop are authorized ?

best as ususal

Michele from Rome

2/8/2014 6:35:36 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: version 4.2.0.2 security problem for user roles

Administration > Permissions > Roles NOT Allowed To Edit Feature Instance Settings

if you check the role there then the user will not be able to change settings on the content where he can edit

Hope that helps,

Joe

2/12/2014 1:01:10 PM
IDI
Gravatar
Total Posts 26
View Posts

Re: version 4.2.0.2 security problem for user roles

Great as usual, Thank you so much

michele

You must sign in to post in the forums. This thread is closed to new posts.