Not sure whether to submit this as a bug report yet, although it has fairly serious implications for our work:
one of our editors noticed, while I was setting asset positions on an asset listing page, that if I add positions for pages which are under construction, and which he does not have permission to view, he can see these appear on the front end once asset listing positions are set…
:blink:
We're using 3.6.8. This doesn't seem to be listed in the bug tracker as yet…
I would log this as a bug so that the developers can attempt to replicate it.
[quote]I would log this as a bug so that the developers can attempt to replicate it.
[/quote]
Thanks. I was wondering if asset positioning was intended to override permissions or not… but overriding page status certainly was a surprise!
Logged at http://bugs.matrix.squiz.net/view_bug.php?bug_id=1435
Asset permissions should still respect the permissions - if you do not have effective read access it should not appear. This will be fixed; watch the bug report for any updates.
Edit: bug #1435 fixed.
[quote]Asset permissions should still respect the permissions - if you do not have effective read access it should not appear. This will be fixed; watch the bug report for any updates.
Edit: bug #1435 fixed.
[/quote]
Thanks. Are there any plans to fix this for 3.6.8? Or will we need to wait until we can upgrade?
Things can only be fixed in the latest code, so the fix goes into the latest 3.6 branch code - we cannot backport fixes to released versions. (My fault for not marking it as fixed in 3.6.*; the fix was in but I mustn't have marked it.) You would need to contact us to schedule an upgrade, most probably.