Resolution: Won't Fix
Affects Version/s: 6.2.X EE, 7.0.0 DXP SP4, 7.0.4 CE GA5, 7.0.X, Master
Fix Version/s: None
Component/s: DM > Administration
Too many default permissions for unprivileged users.
Steps to reproduce:
- create a new site A
- create a page P within A, add Documents and Media portlet to page
- create a new unprivileged user U
- make U member of A
- sign in as U, navigate to A
- Upload document to Doc-Lib folder of A, Create Folder in Doc-Lib.
Expected behavior: Upload wouldn't be offered, folders can't be created.
Actual behavior: User has permissions to upload
Crosscheck: As Administrator, go to Site-Admininstration/Document and Media, Choose "Home Folder Permissions" and validate that Site-Member has permissions to upload / create folder.
On the basis of defaulting to minimal permissions, this is unexpected behavior. Modifying this behavior will require writing/deploying code that explicitly unsets those default permissions whenever a new site is created (unless I'm missing the obvious).