U4-7134 - New content type editor requires CRUD access to data types

Created by Shannon Deminick 23 Sep 2015, 12:58:50 Updated by Sebastiaan Janssen 15 Dec 2015, 16:13:26

Relates to: U4-7119

Subtask of: U4-112

Security changes will be made for data type CRUD access - If a user has access to either: Content Types, Media Types or Member Type trees, they will have full read/write access to data types.

This is marked as breaking since this behavior is slightly different than previous versions but is not considered a security risk since data types are at the heart of content types.

Comments

esunxray 23 Sep 2015, 13:27:07

Don't show related button if user don't have access to section/tree.


Shannon Deminick 15 Dec 2015, 13:43:25

PR for review: https://github.com/umbraco/Umbraco-CMS/pull/954


Shannon Deminick 15 Dec 2015, 13:44:22

To test, you can create a user that only has access to content/media/settings and then create/modify a content type by adding/modifying data types, assigning list views to the content type, etc... You should get no error responses.


Sebastiaan Janssen 15 Dec 2015, 16:13:26

Works as advertised


Priority: Task - Pri 1

Type: Task

State: Fixed

Assignee:

Difficulty:

Category:

Backwards Compatible: False

Fix Submitted:

Affected versions:

Due in version: 7.4.0

Sprint: Sprint 5

Story Points:

Cycle: