[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1008) Gadget permissions are not working correctly (gagdet with restricted access in the AppReg are visible)

Michal Vanco (JIRA) jira-events at lists.jboss.org
Thu Aug 18 05:29:17 EDT 2011 

    [ https://issues.jboss.org/browse/GTNPORTAL-1008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621839#comment-12621839 ] 

Michal Vanco commented on GTNPORTAL-1008:
-----------------------------------------

This issue needs attention (fix version wasn't set properly).
Another related bug is that not only gadget permission is ignored, but also a category (with limited access) with any gadget is visible to all users on dashboard.

> Gadget permissions are not working correctly (gagdet with restricted access in the AppReg are visible)
> ------------------------------------------------------------------------------------------------------
>
>                 Key: GTNPORTAL-1008
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-1008
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 3.0.0-GA
>            Reporter: Tugdual Grall
>            Assignee: Minh Hoang TO
>             Fix For: 3.2.0-M02
>
>   Original Estimate: 6 hours
>  Remaining Estimate: 6 hours
>
> When in the App registry a gadget as been set to visible only to a restricted audience this permission is not used when in the portlet/gadget catalog.
> Use case:
> 1- Connect as Root
> 2- Go in the App Registry
> 3- Select one gadget, for example ToDo
> 4- Set the permission to /platform/administrators usrs
> 5- log out
> 6- connect as mary/gtn
> 7- go to your dashboard
> 8- click add gadget:
> 9 - BUG: you can see the ToDo Gadget and you can add it to the page ( You are not supposed to)
> 10 - Edit your page
> 11- Click on Gadget: 
> 12- BUG: you can see the ToDo gadget (same bug as before)
> 13-BUG Add it on the page, you can drop it but it wil not be visible (protected content) since you are not allowed to do it.
> FIX: we need to hide the gadget from the catalog when the permissions are set.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the gatein-issues mailing list