Issue 142 in wolfcms: Users with no role get redirected to front end without any admin access
wol...@googlecode.com
Owner: djreimer
Labels: Type-Defect Priority-High Usability OpSys-All
New issue 142 by djreimer: Users with no role get redirected to front end
without any admin access
http://code.google.com/p/wolfcms/issues/detail?id=142
What steps will reproduce the problem?
1. Create new user, but do not check one of the "role" boxes.
2. Login as new user.
3. Get redirected to homepage, with no access to the admin at all.
What is the expected output? What do you see instead?
Expect to get some access to the backend, since the new-user-creation does
not seem to *require* one of the role boxes to be ticked.
Either we need to make "editor" a minimal requirement by default, or give a
"no role" user access to "Pages" tab only. Or something!
Please provide additional information.
From forum discussion: http://www.wolfcms.org/forum/topic284.html
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
wol...@googlecode.com
Comment #1 on issue 142 by waters600: Users with no role get redirected to
http://code.google.com/p/wolfcms/issues/detail?id=142
I can't replicate this.
If a user has been added with NO role, they should not be allowed access to
the admin panel on any level (including editor).
The assumption this change would make is that login will only be used for
admin purposes which simply isn't correct. By making someone
with no permission have some permission would be a major security risk...
wol...@googlecode.com
Labels: -Security
Comment #8 on issue 142 by martijn....@gmail.com: Users with no role get
redirected to front end without any admin access
http://code.google.com/p/wolfcms/issues/detail?id=142
(No comment was entered for this change.)