We have moved to GitHub Issues
Created by Shannon Deminick 23 Sep 2015, 12:58:50 Updated by Sebastiaan Janssen 15 Dec 2015, 16:13:26
Relates to: U4-7119
Subtask of: U4-112
Security changes will be made for data type CRUD access - If a user has access to either: Content Types, Media Types or Member Type trees, they will have full read/write access to data types.
This is marked as breaking since this behavior is slightly different than previous versions but is not considered a security risk since data types are at the heart of content types.
Don't show related button if user don't have access to section/tree.
PR for review: https://github.com/umbraco/Umbraco-CMS/pull/954
To test, you can create a user that only has access to content/media/settings and then create/modify a content type by adding/modifying data types, assigning list views to the content type, etc... You should get no error responses.
Works as advertised
Priority: Task - Pri 1
Backwards Compatible: False
Due in version: 7.4.0
Sprint: Sprint 5