
ezjscore call access

Thursday 14 June 2012 6:04:54 pm - 4 replies

Hello everybody.

I have a little question about ezjscore. If you check the site.ini of ezjscore, you can see that the anonymous user has access to the call and hello views:


If an anonymous user enters the following URL:

He can list the user accounts. I can comment out the PolicyOmitList, but if I upgrade ezpublish the changes will be removed.

However, if I create a new server function, the anonymous user can't access it unless I configure the rights.

Is there a way to block the access of ezjscnode to anonymous users?



Friday 15 June 2012 7:46:52 am

Hi Romain,

You can reset the [RoleSettings] in the override/site.ini.append.php. But then you have to add all the PolicyOmitList entries that are set in the custom extensions you need.


So you have control over what an anonymous user should have access to by default.

For users who have access to ezjscore/call, you have to create a policy in the ezbackend.

Hope this will help.

Cheers Felix

Modified on Friday 15 June 2012 7:48:33 am by Felix Woldt
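The reset described in the reply above can be verified by computing the effective `PolicyOmitList` after all ini files are merged. This is an added example, not part of the original thread or of eZ Publish: the ini bodies are constructed from the thread's description, the function names are hypothetical, and the caller is assumed to pass files in load order with the override last.

```python
import re

# Constructed sample ini bodies; real files wrap these lines in a PHP comment header.
DEFAULT_INI = "[RoleSettings]\nPolicyOmitList[]=user/login\n"
EZJSCORE_INI = ("[RoleSettings]\n"
                "PolicyOmitList[]=ezjscore/hello\n"
                "PolicyOmitList[]=ezjscore/call\n")
OVERRIDE_INI = ("[RoleSettings]\n"
                "PolicyOmitList[]\n"              # reset everything inherited
                "PolicyOmitList[]=user/login\n")  # re-add only what is needed

SETTING = re.compile(r"PolicyOmitList\[\]\s*(?:=\s*(.*))?")

def effective_policy_omit_list(ini_texts):
    """Merge [RoleSettings] PolicyOmitList[] over ini bodies, lowest precedence first."""
    entries, section = [], None
    for text in ini_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            header = re.fullmatch(r"\[(\w+)\]", line)
            if header:
                section = header.group(1)
                continue
            match = SETTING.fullmatch(line) if section == "RoleSettings" else None
            if not match:
                continue  # other sections, other settings, comments, PHP wrapper
            value = (match.group(1) or "").strip()
            if not value:
                # Bare "PolicyOmitList[]" clears the array; an empty "=" is
                # assumed here to behave the same way.
                entries = []
            elif value not in entries:
                entries.append(value)
    return entries

def anonymous_can_reach(entries, module, view):
    """True if the view skips the policy check, via a module or module/view entry."""
    return module in entries or f"{module}/{view}" in entries

if __name__ == "__main__":
    for name, files in (("without override", [DEFAULT_INI, EZJSCORE_INI]),
                        ("with override", [DEFAULT_INI, EZJSCORE_INI, OVERRIDE_INI])):
        merged = effective_policy_omit_list(files)
        print(name, merged, "ezjscore/call open:",
              anonymous_can_reach(merged, "ezjscore", "call"))
```

Running the same check after an upgrade shows whether the override still removes `ezjscore/call` from the merged list.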

Friday 15 June 2012 10:21:57 am

Hi Felix,

Thanks for your help. I don't understand why ezjscore has these role settings by default. I think that a lot of ezpublish sites have not reset the role settings.


Friday 15 June 2012 11:58:20 am

Hi Romain,

Yes, you are right ... it is not easy to understand why.

It could be a performance issue. Modules which are permitted through the ini do not need a policy check on the db.

Cheers Felix

Saturday 16 June 2012 11:01:20 am

I think this has also been fixed in recent security-related commits - now the ezjscnode::subtree call will check permissions of current user, much in the same way as node/view/full does

