-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IBX-6592: Content Object State assignment should rely on Location
instead of ContentInfo
#391
Conversation
…ect State assignment
Location
to be a part of permission check for Object State assignmentLocation
instead of ContentInfo
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
Correct me if I get this wrong. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes to ContentService
interface are not applied to Event layer. Please update setContentState
method implementation and add new field to BeforeSetContentStateEvent
and SetContentStateEvent
events.
ContentInfo $contentInfo, | ||
ObjectStateGroup $objectStateGroup, | ||
ObjectState $objectState, | ||
?Location $location = null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it necessary? This Location parameter does not affect method logic and is just workaround for PermissionResolver
. It is also security risk, as not setting this parameter will omit some of limitations checks.
Related comment: ezsystems/ezplatform-admin-ui#2112 (comment) |
v3.3
Currently, Content Object State assignment is validated, as permissions go, utilizing
ContentInfo
which in my opinion is wrong, as that leaves Subtree Limitation pretty much useless, and yet, this limitation is available for a choosing when we are dealing with thestate/assign
policy.To keep BC I've provided a new argument that is
?Location = null
. ThisLocation
would be later checked against Subtree Limitation when assigning an Object State to a certain Content.Related PR: ezsystems/ezplatform-admin-ui#2112
Checklist:
$ composer fix-cs
).@ezsystems/engineering-team
).