You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[x] bug report => search github for a similar issue before submitting
[x] feature request
[x] not sure
...about
[x] edit experience / UI
[x] admin experience UI
[x] DNN parts
[x] other / unknown
Current Behavior / Expected Behavior
Users with draft-only permissions (řčǔď) cannot use the page picker in the WYSIWYG UI
Attempting to access it gives a 401 Unauthorized error, and the response from the HTTP request cointains Request not allowed. User does not have read permissions for query 'System.Pages'.
I have put this as both "bug" and "feature request", because I can understand by default not wanting to allow anonymous/non-editor users to access the System.Pages query, but there seems to be no way to grant the user access to it either, resulting in a confusing UI bug.
Instructions to Reproduce the Problem
Create an app
Make a View using a Content Type with a WYSIWYG field
Create a user
Enable PermissionCheckUsers feature in 2sxc
Grant the created user Draft CRUD permissions (řčǔď) on the app
As the user, try to click the "Link a page from the current site" button
Observe the 401 error.
Your environment
2sxc version(s): 17.9.0
Browser: all
DNN: 9.13.2
Hosting platform: azure
Language: English
The text was updated successfully, but these errors were encountered:
Browsing the page structure seems like quite a security risk for non-editors, since many sites could have pages which are either just invisible on purpose, or the pages-list could give away some "secrets".
I don't think we can just open this up - it would result in opening up unexpected security holes.
I believe the correct approach is to add this permission to DNN, so a user can be properly authorized to "browse page structure".
I'm submitting a
[x] bug report => search github for a similar issue before submitting
[x] feature request
[x] not sure
...about
[x] edit experience / UI
[x] admin experience UI
[x] DNN parts
[x] other / unknown
Current Behavior / Expected Behavior
Users with draft-only permissions (řčǔď) cannot use the page picker in the WYSIWYG UI
Attempting to access it gives a 401 Unauthorized error, and the response from the HTTP request cointains
Request not allowed. User does not have read permissions for query 'System.Pages'
.I have put this as both "bug" and "feature request", because I can understand by default not wanting to allow anonymous/non-editor users to access the
System.Pages
query, but there seems to be no way to grant the user access to it either, resulting in a confusing UI bug.Instructions to Reproduce the Problem
PermissionCheckUsers
feature in 2sxcYour environment
The text was updated successfully, but these errors were encountered: