[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1008) Gadget permissions are not working correctly (gagdet with restricted access in the AppReg are visible)
Michal Vanco (JIRA)
jira-events at lists.jboss.org
Thu Aug 18 05:29:17 EDT 2011
[ https://issues.jboss.org/browse/GTNPORTAL-1008?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12621839#comment-12621839 ]
Michal Vanco commented on GTNPORTAL-1008:
-----------------------------------------
This issue needs attention (fix version wasn't set properly).
Another related bug is that not only gadget permission is ignored, but also a category (with limited access) with any gadget is visible to all users on dashboard.
> Gadget permissions are not working correctly (gagdet with restricted access in the AppReg are visible)
> ------------------------------------------------------------------------------------------------------
>
> Key: GTNPORTAL-1008
> URL: https://issues.jboss.org/browse/GTNPORTAL-1008
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: 3.0.0-GA
> Reporter: Tugdual Grall
> Assignee: Minh Hoang TO
> Fix For: 3.2.0-M02
>
> Original Estimate: 6 hours
> Remaining Estimate: 6 hours
>
> When in the App registry a gadget as been set to visible only to a restricted audience this permission is not used when in the portlet/gadget catalog.
> Use case:
> 1- Connect as Root
> 2- Go in the App Registry
> 3- Select one gadget, for example ToDo
> 4- Set the permission to /platform/administrators usrs
> 5- log out
> 6- connect as mary/gtn
> 7- go to your dashboard
> 8- click add gadget:
> 9 - BUG: you can see the ToDo Gadget and you can add it to the page ( You are not supposed to)
> 10 - Edit your page
> 11- Click on Gadget:
> 12- BUG: you can see the ToDo gadget (same bug as before)
> 13-BUG Add it on the page, you can drop it but it wil not be visible (protected content) since you are not allowed to do it.
> FIX: we need to hide the gadget from the catalog when the permissions are set.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the gatein-issues
mailing list