+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / 9.6119.0 - Related data field for dynamic content type - no security trimming

9.6119.0 - Related data field for dynamic content type - no security trimming

1 posts, 0 answered
  1. Adam
    Adam avatar
    23 posts
    Registered:
    05 Apr 2013
    5 days and 9 hours ago
    Link to this post
    When I create a content type and restrict its permissions (view, create, etc) to a certain role, or set of roles, users not in those roles can still see all of them. Also,  since the related data field is pulling from an api, this seems like a bad security hole. There's nothing preventing users from making those api calls themselves.
1 posts, 0 answered