Vulnerability in EPiServer.Forms
When reading the Administrator's guide I thought this should be easy but I have run into big trouble...
What I want to achieve:
Restrict the edit possibilities of a page such that specific groups (GermanEditors, ItalianEditors, ...) only can edit the page in a certain language.Example: If user Heinrich, member of group GermanEditors, logs in, he shall be able to edit an existing page in the german language only. If a german version does not exists, he shall be able to create it. This means he should not be able to create the page in e.g. italian, or touch anything of the main/default version of the page (english). The same applies to editors of other nationalities.
What I have done:
Now, what happens when I login with the german editor Heinrich is that, the tree structure is displayed in german and all pages (currently in english only) are displayed with an american flag icon and a padlock icon. This is all fine and expected.
The problem now is that I cannot create a german language version for a particular page because I have no change rights for this page. If I edit the Page Access Rights for this page by adding the Editors role (again, virtual role just to include all the other editor roles) with the Change-flag, the page is not locked anymore and I can add a new version in german, BUT now this user is able to edit the original english page as well...
So, how can I restrict this german user (or group of users) from editing the original english page, and at the same time allowing him to create and edit this page in the german language? I have played around with the settings for some hours now but cannot figure it out. This gotta be a very common scenario, so I am probably missing something...
Any help or hints would be greatly appreciated!
Seems that you have enabled fall back language and is getting into a known bug where the fallback language will be selected in edit mode (even if you don't have access to this page language). This bug has been fixed in CMS 6 R2 which is about to be released pretty soon. The alternative is to temporary disable fallback languages until you can upgrade if that is possible.
RegardsLinus EkströmEPiServer Development Team
Thanks, this bug (#26886) is exactly what I got. Your suggestion of temporarily disable fallback language seems to do the trick.