vc-platform icon indicating copy to clipboard operation
vc-platform copied to clipboard

Published 20 hours ago verified publisher icon VirtoCommerce

Content module doesn't check scope based permissions when creating and deleting pages

Open Woland2k opened this issue 7 years ago • 3 comments

Need to check scope user permissions for a particular store when creating pages.

As a manager, I want to manage permissions to Create, Update or Delete pages

Woland2k avatar Jul 11 '17 00:07 Woland2k

In content module need to support only one scope is Store Here is example how to work with scope based permissions https://github.com/VirtoCommerce/vc-module-store/blob/master/VirtoCommerce.StoreModule.Web/Controllers/Api/StoreModuleController.cs#L233

tatarincev avatar Jul 20 '17 06:07 tatarincev

Did you test what you made? Any content permissions does not contains scope definition UI All methods have [CheckPermission(Permission = ContentPredefinedPermissions.XXXX)] attribute which will always throw 401 exception for customer without global permission.

tatarincev avatar Jul 24 '17 06:07 tatarincev

See how it made in order module: https://github.com/VirtoCommerce/vc-module-order/blob/master/VirtoCommerce.OrderModule.Web/Security/OrderStoreScope.cs https://github.com/VirtoCommerce/vc-module-order/blob/master/VirtoCommerce.OrderModule.Web/Scripts/order.js#L352

tatarincev avatar Aug 31 '17 13:08 tatarincev