[gatein-issues] [JBoss JIRA] Closed: (GTNPORTAL-648) Portlet Permissions : I can view a portlet I shouldn't

Hang Nguyen (JIRA) jira-events at lists.jboss.org
Tue Feb 15 04:31:13 EST 2011


     [ https://issues.jboss.org/browse/GTNPORTAL-648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hang Nguyen closed GTNPORTAL-648.
---------------------------------



> Portlet Permissions : I can view a portlet I shouldn't
> ------------------------------------------------------
>
>                 Key: GTNPORTAL-648
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-648
>             Project: GateIn Portal
>          Issue Type: Bug
>    Affects Versions: 3.0.0-Beta05-CP01
>            Reporter: Benjamin Paillereau
>            Assignee: Trong Tran
>            Priority: Critical
>             Fix For: 3.0.0-GA
>
>
> Use case :
> - Connect as root
> -- john => make sure, he's only member:/platform/administrators
> -- I put a simple portlet in a page with Access Permission for manager:/platform/administrators (only root)
> - Connect as john
> - then try step 1 then 2
> 1/ submenu error
> -- go to the page with the limited access portlet
> --- I don't see the portlet in the page (normal behaviour)
> -- => error in the admin bar, we don't see sub-menus anymore
> 2/ security error
> -- Go to Site / Edit Navigation / Edit Node's page
> --- john can edit the page with the portlet he shouldn't be able to see
> --- john can
> ---- see the portlet view via Switch View mode (security problem with view)
> ---- edit the portlet and change Access Permissions (big security problem)
> Normal behaviour should be that :
> - john can edit the page but doesn't see the portlet

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

