[SOLVED] "Asset Scripts" appears under settings when you don't have permission to view it

I have…

  • [x] Checked the logs and have uploaded a log file and provided a link because I found something suspicious there. Please do not post the log file in the topic because very often something important is missing.

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [x] Bug report
  • [ ] Performance issue
  • [ ] Documentation issue or request

Current behavior

“Asset Scripts” appears under settings when you do not have permission to view it. Clicking on it shows you a ‘Forbidden’ error page.

image

image

Expected behavior

“Asset Scripts” does not appear under settings when you do not have permission to view it.

Minimal reproduction of the problem

Assign a user to a Role that does not have the asset-scripts.read permission and has not checked the ‘Hide Settings’ checkbox, login as that user and navigate to the Settings page and click the “Asset Scripts” link.

Environment

  • [x] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: “Allow file drop without supported mime type.” 7460cc0fe36a72675eda69ce3ea036d2dd61b7a7

Browser:

  • [x] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [x] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:
This is not a major issue for us but just wanted to record it somewhere. I am creating a readonly role for developers in a production environment to facilitate diagnosing issues and there are a few other little possible bugs I am raising as I thought you would prefer that to one bigger support ticket with multiple bugs in it.

As an aside the “Back to previous page.” link on the Forbidden error page goes back to the Squidex site page to select an App, unsure if this is expected or not, again not a major issue.

This topic was automatically closed after 2 days. New replies are no longer allowed.