Content Administrator security problem

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
1/31/2012 11:33:39 AM
Gravatar
Total Posts 1203
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Content Administrator security problem

Hi Joe, in 2.3.8.1, it appears that Content Administrator security is not working right. Repro steps (tried it on demo.mojoportal.com):

  1. Create new user in Content Administrators role.
  2. Create a new page and set view page view permissions to only "Administrators, Content Administrators, and roles selected below are allowed" radio button (no other roles checked).
  3. Log in as new user and page does not appear in the menu.

Jamie

1/31/2012 12:14:22 PM
Gravatar
Total Posts 18439

Re: Content Administrator security problem

Hi Jamie,

I'm not able to produce that problem.

Are you sure

  • that the user has the content admins role?
  • that the page is marked to include in menu and is not a child of a page not included in the menu?
  • that the page is not a child of a page limited to admins only?

Best,

Joe

1/31/2012 12:33:47 PM
Gravatar
Total Posts 1203
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: Content Administrator security problem

I'm sorry Joe, I misstated the issue. It's the content instances on the page that don't appear.

If both the page and a content instance within the page are set to the "Administrators, Content Administrators, and roles selected below are allowed" radio button, with All Users deselected, then a Content Administrator user can see and navigate to the page in the menu, but doesn't see the restricted feature on the page.

  1. Create new user in Content Administrators role (only).
  2. Create a new page and set view page view permissions to "Administrators, Content Administrators, and roles selected below are allowed" radio button, and deselect "All Users" check box.
  3. Drop a content instance on the page and set instance view permissions to "Administrators, Content Administrators, and roles selected below are allowed" radio button, and deselect "All Users" check box.
  4. Log in as Content Administrator user and the feature does not appear on the page.

I'm sorry for taking you down the wrong path there.

Jamie

1/31/2012 12:57:01 PM
Gravatar
Total Posts 18439

Re: Content Administrator security problem

Hi Jamie,

This is now fixed in the source code repository.

Note that if you already have the page set to Admins, Content Admins and no other roles there really isn't a need to do that on the feature instance, you could leave it set to all users there and page protection is sufficient. The only case where this bug would be a problem is if you have a public page that you want to have a feature instance on that is only visible to admins and content admins.

Best,

Joe

1/31/2012 1:00:38 PM
Gravatar
Total Posts 1203
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: Content Administrator security problem

Thanks Joe! I'll let the webmaster know that she doesn't have to do the "double protection" on the secured pages.

Jamie

2/1/2012 2:35:33 PM
Gravatar
Total Posts 18439

Re: Content Administrator security problem

fyi, I've patched the 2.3.8.1 release with this fix. The only file that changed is mojoPortal.Web.dll

Best,

Joe

You must sign in to post in the forums. This thread is closed to new posts.