SaaS CMS has officially launched! Learn more now.

Bug: Edit mode fails for editors with access limited to a specific structure when an unpublished draft exists outside that structure

Vote:
 

I was planning to submit this as a bug, but I'm placing it here instead, since this might be a huge problem in several projects. This is the scenario that casues the edit mode to fail:

  • The given editor only has access rights to change and publish pages under a specific structure
  • Another editor with complete access rights for the entire site creates a _draft_ of a page outside that structure
  • The editor with limited access clicks on a link to that page (in the top menu for example).
  • This edit mode will no fail and present a popup with and error message, together with a login screen below.
  • The reason why this happens is because the edit mode tries to display the _draft_ of that page, instead of the published version, which of course causes an access denied exception.

BUT, if the editor with limited access instead uses the page tree (the gadget), this error will not occur, since the published version will be loaded and displayed instead.

This is clearly a major problem for websites with a large number of editors, were every editor has access to specifc parts of the website. Common on smaller intranets aswell. We will probably require a hotfix for this in one of our current projects, before we can relase it. The customer will probably not enjoy the workaround, which basically is to give all editors complete access (perhaps not publish access is required for this to work, haven't verified that).

#71903
May 31, 2013 14:31
Vote:
 

If you haven't already, submit a bug report for this too. The core team does not see every forum post.

#72016
Jun 05, 2013 11:13
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.