Default user privileges are not enough for user to change their own privileges
------------------------------------------------------------------------------
Key: MAGNOLIA-2318
URL: http://jira.magnolia.info/browse/MAGNOLIA-2318
Project: Magnolia
Issue Type: Bug
Components: security
Affects Versions: 3.6.1
Reporter: Jan Haderka
Assignee: Jan Haderka
Every user get by permission to access their own node children by default.
Permission is assigned via ACL directly under the user account. However this
permission given user right to modify children of their own node only. To
modify their own account users need to have also permission to read their own
account node.
In short
{code}
user
- acl_users
- 0
- path= /admin/userName/*
- permission = 63
{code}
needs to be changed to
{code}
user
- acl_users
- 0
- path= /admin/userName/*
- permission = 63
- 1
- path= /admin/userName
- permission = 8
{code}
We should perhaps also introduce update task to add this second permission to
all existing users.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
