Permissions for Sitesettings are not working correctly


Given is the following situation:

Installation with two sites:

  • Site A

  • Site B

Two usergroups:

  • Contentadmin A

  • Contentadmin B

The permissions on the site are set as following:

  • Site A: Allow Contentadmin A, deny all other groups

  • Site B: Allow Contentadmin B, deny all other groups

The problem:
When logging in as a user from group Contentadmin A the site menu is show only with Site A. There's also the menu entry "Manage sites".
Clicking on this entry shows a list of all sites and allows to see and modify the settings for all sites.

I think this is not correct. Contentadmins for Site A should only be allowed to see and modify Site A, but not Site B. The datagrid should be filtered based on the permission, which is not now.

The setting in config.cfc (settings.adminRoles.contentadmin) allows access to all site settings, but though the datagrid is not filtered.

Maybe I just understand it wrong, but if I don't have permissions to a site I shouldn't be able to access the settings.






Michael Hnat