U4-6973 - Given custom permissions user can create, but cannot save

Created by Murray Roke 17 Aug 2015, 23:04:47 Updated by Vinay Sud 10 Feb 2016, 16:40:38

Is duplicated by: U4-5433

I've created a custom user / userType and given them permissions to create blog posts (on the default umbraco 7.2.8 starter kit) But when they've created the post, there is no save button on it. This custom user type has the default permissions of none (this is what I want), and I've created custom permissions for them programatically, but in the example below I do it manually to show the same effect.

Steps:

  1. Create user type: organisation
  2. create user of type organisation: u: testUser pw: testUser Sections: tick only content.
  3. Set permissions for "Content/Home" > Browse Node (replace child permissions)
  4. Set permissions for "Content/Home/Blog" > Browse Node, Create, Publish, Update (replace child permissions)
  5. login as testUser
  6. expand Home, right click blog > create > blog post

Here I should be able to save the blog post, but the save & publish & preview button is not there. See screenshot (left user is admin, right user is testUser)

1 Attachments

Comments

Shannon Deminick 18 Aug 2015, 22:12:28

Will have a look tomorrow


Shannon Deminick 20 Aug 2015, 15:22:40

I tried this with the latest codebase now and it all worked as expected.


Murray Roke 25 Aug 2015, 22:27:38

I follow these steps using umbraco 7.3.0 RC, and I get the same issue: ie, there is no save button. I also tried ticking ALL permissions for blog. (no save button) also note: editing existing blog posts works fine, but creating does not

I also noted left clicking on blog resulted in the error: (which I don't get if the user has access to the media section.!?!? :-) Authorization error: Unauthorized access to URL: /umbraco/backoffice/UmbracoApi/Content/GetById


Shannon Deminick 31 Aug 2015, 15:53:33

I believe I have found the issue... looking into this now.


Shannon Deminick 31 Aug 2015, 16:05:20

Issue fixed in rev: 05e17e1c7f68c3a6a828a3b52aa5fb82249d5b60

The problem was because for new content, we were checking permissions on the new content id (which was zero), but for new content we need to get permissions from it's parent.


Priority: Major

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions: 7.2.8

Due in version: 7.3.0

Sprint:

Story Points:

Cycle: