-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: Master
-
Fix Version/s: 7.0.0 DXP FP14, 7.0.0 DXP SP3, 7.0.3 CE GA4, 7.0.X EE, 7.1.X, Master
-
Component/s: Sites Administration > Sites
-
Branch Version/s:7.0.x
-
Backported to Branch:Committed
-
Fix Priority:3
-
Git Pull Request:
Steps to reproduce:
- Add the Control Panel > General Permissions > View Control Panel Menu permission to the User role (Roles Admin)
- Create a user (Users Admin)
- Create a group (Groups Admin)
- Assign the user as a member of the group (Site Memberships)
- Log in as the new user
- Navigate to the Site Admin portlet
- Click on the action ("three dots") menu of the created group
Expected Result:
"Edit" should not be an option
Actual Result:
"Edit" is an option, and the user can navigate to the form to edit a site.
When the user submits the form, a Principal Exception is thrown, so they cannot actually change site details, but a user without proper permissions should not be able to see this page at all.