Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.x]: canView checked directly on element rather than running though the elements service? #13981

Closed
samhibberd opened this issue Nov 30, 2023 · 3 comments
Closed

[4.x]: canView checked directly on element rather than running though the elements service? #13981

samhibberd opened this issue Nov 30, 2023 · 3 comments
Assignees
@i-just
Labels
bug craft4

Comments

@samhibberd
Copy link

What happened?

Testing our custom permissions logic and when using the elements/save controller to save elements the canView method is called directly on the element rather that going via the elements service:

cms/src/controllers/ElementsController.php

Line 1905 in da1a32b

if (!$element->canView(static::currentUser())) {

Needs to be updated to:

if (!$elementsService->canView($element, static::currentUser())) {
    throw new ForbiddenHttpException('User not authorized to edit this element.');
}

Similar to craftcms/commerce#3285

Craft CMS version

4.5.11

PHP version

8.2

Operating system and version

No response

Database type and version

No response

Image driver and version

No response

Installed plugins and versions
@i-just i-just mentioned this issue Nov 30, 2023
Merged
@i-just
Copy link
Contributor

i-just commented Nov 30, 2023

Hi, thanks for reporting! I raised a PR for it.

@i-just i-just self-assigned this Nov 30, 2023
@brandonkelly
Copy link
Member

Craft 4.5.12 is out with the fix for this. Thanks again!

@samhibberd
Copy link
Author

Thanks @brandonkelly perfect timing, launching tomorrow 🥳

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@i-just i-just

Labels
bug craft4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@brandonkelly @samhibberd @i-just