We have moved to GitHub Issues
You are viewing the read-only archive of Umbraco's issue tracker. To create new issues, please head over to GitHub Issues.
Make sure to read the blog posts announcing the move for more information.
Created by Shannon Deminick 23 Sep 2015, 12:58:50 Updated by Sebastiaan Janssen 15 Dec 2015, 16:13:26
Relates to: U4-7119
Subtask of: U4-112
Security changes will be made for data type CRUD access - If a user has access to either: Content Types, Media Types or Member Type trees, they will have full read/write access to data types.
This is marked as breaking since this behavior is slightly different than previous versions but is not considered a security risk since data types are at the heart of content types.
Don't show related button if user don't have access to section/tree.
PR for review: https://github.com/umbraco/Umbraco-CMS/pull/954
To test, you can create a user that only has access to content/media/settings and then create/modify a content type by adding/modifying data types, assigning list views to the content type, etc... You should get no error responses.
Works as advertised
Priority: Task - Pri 1
Type: Task
State: Fixed
Assignee:
Difficulty:
Category:
Backwards Compatible: False
Fix Submitted:
Affected versions:
Due in version: 7.4.0
Sprint: Sprint 5
Story Points:
Cycle: