Permissions for custom module have no effect

Posted by Community Admin on 04-Aug-2018 14:08

Permissions for custom module have no effect

Sitefinity - Bugs & Issues

All Replies

Posted by Community Admin on 01-Jan-2013 00:00

Hi,

I'm trying to give the Editors role Create, View, Modify, and Delete rights to custom modules that were developed using Module builder so that I don't have to make everyone in the backend an administrator. I assign the permissions for the Editors role in the backend, but then when I log in as a user in the editors role, I cannot see the module in the content menu. Screenshots are attached for a specific module, but this is happening for the dozen or so that we have.

Thanks,

Stuart

Posted by Community Admin on 03-Jan-2013 00:00

Hello,

 Thanks for using Sitefinity!

I'm not able to replicate the issue. Remember Sitefinity permissions work as explicit deny. If the user is denied access to a specific section and allowed it by another role, the deny will take precedence. Can you try to create a new test user, add it to "Editor" only, ensure it it is a part of "Backend Users" and post a video of what you get?

Thanks in advance!

Regards,
Patrick Dunn
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 03-Jan-2013 00:00

Hi Patrick,

That's exactly what I did (sans the video part) in the screenshots above. I dug a little deeper after your post though, and while there are no explicit denys present on the module in question ("Homepage Slider Items", although this happens for EVERY custom module), I did notice that the test_editor user, while it is definitely in the Editors role, doesn't seem to inherit the permissions of the editors role. 

I've attached screenshots below.
editors_role.png shows that test_editor user is in the Editor's role.
permissions_for_editors.png shows that the editors role has permissions for the module. This is /Sitefinity/Administration/Permissions>by Role or User>Roles>Editors
permissions_for_test_editor.png shows that the test_editor user does NOT have permissions for the module. /Sitefinity/Administration/Permissions>by Role or User>Users>test_editor

Thanks,
Stuart

PS - while we're at it - it would be great if we could give the Editors role blanket CRUD rights to items within custom modules so that I don't have to assign those line items individually. 

Posted by Community Admin on 08-Jan-2013 00:00

Hi Stuart,

 I investigated your issue and it turned out that the permissions are not inherited only in the UI.

I created a user with Editor's role, then set CRUD permission to the Editor (Administration->Roles->Editors->Permissions) like your screenshot (permissions_for_editors.png) and when i logged in with created user, permissions are set and work properly.

Unfortunately when I go to Administration->Permissions->by Role or User-> Users -> test_user, the permissions are not displayed correctly and it is a bug and I logged it. We will do our best to fix it in one of our future releases. As a gratitude for your help, I've increased your Telerik points.

 About setting permissions for dynamic items by default, I've added a feature request.
Here you can find and follow the PITS Issue: Public URL

All the best,
Nikolay Dimitrov
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed