yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

U4-10389 Some webforms editors do not authorize on the user's path access or permissions set for the editing node

Browse Source
This commit is contained in:
Shannon
2017-09-06 11:49:00 +10:00
parent 66affa7f85
commit 8ad1d247fa
11 changed files with 155 additions and 489 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Umbraco.Web/Trees/ContentTreeControllerBase.cs
View File

@@ -271,8 +271,9 @@ namespace Umbraco.Web.Trees
internal IEnumerable<MenuItem> GetAllowedUserMenuItemsForNode(IUmbracoEntity dd)
{
var actions = global::umbraco.BusinessLogic.Actions.Action.FromString(UmbracoUser.GetPermissions(dd.Path));
var actions = ActionsResolver.Current.FromActionSymbols(Security.CurrentUser.GetPermissions(dd.Path, Services.UserService))
.ToList();
// A user is allowed to delete their own stuff
if (dd.CreatorId == UmbracoUser.Id && actions.Contains(ActionDelete.Instance) == false)
actions.Add(ActionDelete.Instance);