Endless login when user does not have access to first menu item

Fixed in

EPiServer.CMS.UI 11.27.0

Created

Jun 24, 2020

Updated

Sep 09, 2020

Area

CMS UI

State

Closed, Fixed and tested


Description

Steps to reproduce:
1. Add custom menu provider where the first item requires specific access rights:

[MenuProvider]
    public class CustomMenuProvider : IMenuProvider
    {
        const string MainMenuPath = MenuPaths.Global + "/customSection";
 
        public IEnumerable<MenuItem> GetMenuItems()
        {
            var menuItems = new List<MenuItem>();
 
            menuItems.Add(new SectionMenuItem("Custom CMS", MainMenuPath)
            {
                SortIndex = SortIndex.Last + 10,
                IsAvailable = (request) => PrincipalInfo.HasEditAccess
            });
 
            menuItems.Add(new UrlMenuItem("CMS admin", MainMenuPath + "/item1",
                 UriSupport.ResolveUrlFromUIAsRelativeOrAbsolute("Admin/Default.aspx"))
            {
                SortIndex = 1,
                IsAvailable = (request) => PrincipalInfo.HasAdminAccess
            });
 
            menuItems.Add(new RouteMenuItem("CMS edit", MainMenuPath + "/item2",
                 new RouteValueDictionary(new { controller = "Home", moduleArea = "Cms" }))
            {
                SortIndex = 2,
            });
 
            return menuItems;
        }
    }

2. Log in with a user that does not have access to first item but has access to second item. In the example code that would mean a user that does not have access to admin mode but has access to edit mode.
3. Open global product menu and click on Custom CMS

Expected: Should go to the second item that the user have access to
Actual: User get a login page that nothing happens on after login since the user does not have access.