BUG: Login-Overlay pops up when trying to edit a link (1.4.x)

[Benjamin-K]

Since updating to Version 1.4.1, as soon as we click on a node with a link in the sidebar or try to add/edit a link in the inline editor, the login overlay pops up.

We have already tried to (re)add the new privilegeTarget to some of our roles with no success. But it looks like the privileges are not applied correctly.

[lcherpit]

Same behavior here with Archaeopteryx 1.4.2 with Neos UI version: 8.3.10 Authenticated as Neos.Neos:Administrator,.

It's seems like the security framework doesn't knows where the request come from.
As a test, by giving more open rights like below, it works.

roles:
  'Neos.Flow:Everybody':
    privileges:
      - privilegeTarget: 'Sitegeist.Archaeopteryx:ApiAccess'
        permission: GRANT

How to find out more ?

[Benjamin-K]

Thanks @lcherpit for further investments here. We still can't use ~1.4.0, as this issue still exists. Would like to help, but don't know how.

[lcherpit]

here too. I still use the version just before new api, route and policy implementations. But, I didn't already test on a fresh basic Neos install.

[hphoeksma]

Same here. Multi site installation. All versions after 1.4.x affected, also 1.5.x

[nezaniel]

Just to check because it solved the issue on 1.6 for me:

After installing and ./flow flow:package:rescan, did you re-login into the backend afterwards? Because the required additional privileges are only assigned to new backend user sessions.