Wrong start node for editor #772

Closed
bjornnorlen opened this issue May 12, 2022 · 3 comments

@bjornnorlen

When an editor is a member of two (or more) user groups, when one user group has a forms start node selected and the other has not (it doesn't have access to the forms section), the forms section behaves strangely.

Reproduction

We have an Umbraco installation that is going to have different websites for different companies and each company is going to be restricted to their site. Each company is going to have their own user group with access to only their own site in the content tree, their own folder in the media library and their own forms folder in the forms section. However, each company is also going to be a member of another user group for shared resources. This includes a demo site in the content section which they can view for inspiration and a shared folder in the media library. So, each user is going to be a member of two user groups where one of the groups (the company specific one) is going to have a start folder selected in the forms security section.

However, when a user is a member of more than one group, strange things happen when navigating to the forms section. On our staging environment an editor's forms are created and saved into the wrong folder, not the one selected in the forms security section. When trying to replicate the error on localhost, the editor instead gets access to all folders in the forms section and can also view some of the forms in the different folders.

Specifics

Umbraco 9.5.0
Umbraco forms 9.4.1

Steps to reproduce

  • Create two user groups with different content start nodes and media start nodes. Only one group needs access to the forms section
  • Create some start folders in the forms section and a form in each
  • Select a forms start folder for the user group which has access to forms
  • In appsettings.json set ManageSecurityWithUserGroups to true and add the user group alias to the GrantAccessToNewFormsForUserGroups property for the group that has access to forms.
  • Let a user be a member of both user groups created previously
  • Sign in as the user and navigate to the forms section (might be able to see all folders)
  • Create a form in the forms section (the form might be created in the wrong folder)

Expected result

The user has access to only the forms start folder specified and the forms created are created in the folder that is specified in the forms security section.

Actual result

The editor might be able to view all forms folders and/or a created form is saved into the wrong folder.

@bjornnorlen
Author

On our staging environment I have now also tried to remove one group from the user, the one that is supposed to be common for everyone, so the user is now only a member of one group. If I now try to remove the start folder for Umbraco forms, nothing happens. The editor still only sees the forms from the wrong but it should be able to view all forms and folders in the Umbraco forms section. I've tried opening new browser windows in incognito mode in case there was any cache, but nothing happens.

@bjornnorlen
Author

I've now also tried creating a new user and making it a member of another group (just one) and there is no problem changing the Umbraco forms start folder for that user. It seems like something happens if a user has been a member of two user groups and there has been a forms start folder involved in one of the groups.

@AndyButland

Thanks again for your efforts in testing this and clearly defining the issue you have found. Currently we have this logic for determining what a user's start folders are when user group based security is being employed.

So if a user has access to two groups, one with start folders defined and one without, we assume they have access to the root and all folders (as one of the groups they are assigned to effectively has that permission by not having any start folders defined).

Of course though, as in your scenario, if the group that doesn't have start folders defined also doesn't have access to the forms section (or does, but doesn't have any permissions to manage forms), then we shouldn't be considering this group when defining start folders. I.e. we should consider only the groups that do have forms access.

So we need to fix that, which I've done now for the next release.
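
The start-folder rule discussed in this thread, sketched as an added example (not Umbraco Forms' own code). The `UserGroup` record, the resolver methods, the union of start folders across groups, and the use of `null` for "no Forms access" are all assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical model: these types are illustrative, not Umbraco Forms APIs.
public record UserGroup(string Alias, bool HasFormsAccess, IReadOnlyList<Guid> FormsStartFolders);

public static class StartFolderResolver
{
    // Behaviour described in the thread: any group without start folders
    // widens the user to the root, even a group with no Forms access.
    public static IReadOnlyList<Guid> ResolveBefore(IEnumerable<UserGroup> groups)
    {
        var all = groups.ToList();
        if (all.Any(g => g.FormsStartFolders.Count == 0))
            return Array.Empty<Guid>(); // empty list = root, all folders
        return all.SelectMany(g => g.FormsStartFolders).Distinct().ToList();
    }

    // Corrected rule: only groups that grant Forms access take part.
    // Returns null when no group grants access (assumed deny), so
    // "no access" is never confused with "root".
    public static IReadOnlyList<Guid>? ResolveAfter(IEnumerable<UserGroup> groups)
    {
        var withForms = groups.Where(g => g.HasFormsAccess).ToList();
        if (withForms.Count == 0) return null;
        if (withForms.Any(g => g.FormsStartFolders.Count == 0))
            return Array.Empty<Guid>(); // a Forms group without start folders = root
        return withForms.SelectMany(g => g.FormsStartFolders).Distinct().ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        var companyFolder = Guid.NewGuid(); // constructed sample data
        var groups = new[]
        {
            new UserGroup("companyA", true, new[] { companyFolder }),  // company group, one start folder
            new UserGroup("shared", false, Array.Empty<Guid>()),       // shared group, no Forms access
        };
        Console.WriteLine($"before: {StartFolderResolver.ResolveBefore(groups).Count} start folders (0 = root)");
        Console.WriteLine($"after:  {StartFolderResolver.ResolveAfter(groups)?.Count} start folders");
    }
}
```

With the two groups from the reproduction steps, the first method resolves to the root and the second resolves to the single company folder.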
