Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)
15.2.0
Bug summary
It is possible for Umbraco Backoffice users to navigate to content items they do not have access to
Specifics
No response
Steps to reproduce
Log in as admin and create some documents of any document type in the following structure:
1
  1a
  1b
2
  2a
  2b
Create a new user group with the following settings:
Section: Content
Start node: Allow all
Granular permissions: Read, Update, Publish, Create for only document "1"
Now create a new user in Umbraco, and only assign it to the group you just created.
Log in as the new user and browse the content tree. It is possible to click and navigate the document items that the user does not have access to, but clicking them will show a red ApiError popup.
Expected result / actual result
Expected:
User can only see the documents that they have access to
Actual:
User can see and browse descendants of documents they do not have access to
Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.
We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.
We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
We'll replicate the issue to ensure that the problem is as described.
We'll decide whether the behavior is an issue or if the behavior is intended.
We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.