[gatein-issues] [JBoss JIRA] (GTNPORTAL-1163) Missing permission check on displayed items in 'portalnavigation' node 's page
Boleslaw Dawidowicz (JIRA)
jira-events at lists.jboss.org
Fri Jul 27 17:32:08 EDT 2012
[ https://issues.jboss.org/browse/GTNPORTAL-1163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boleslaw Dawidowicz closed GTNPORTAL-1163.
------------------------------------------
Resolution: Out of Date
Should be verified in gatein master and reopened if still valid
> Missing permission check on displayed items in 'portalnavigation' node 's page
> -------------------------------------------------------------------------------
>
> Key: GTNPORTAL-1163
> URL: https://issues.jboss.org/browse/GTNPORTAL-1163
> Project: GateIn Portal
> Issue Type: Bug
> Affects Versions: 3.0.0-GA
> Reporter: Minh Hoang TO
> Assignee: Minh Hoang TO
>
> When user clicks on 'Site' node, the page content shows portal sites for which he/she has edit permission either on navigation or layout. The current Java code check only edit permissions on PortalConfig
> // Get portals without edit permission
> UserACL userACL = getApplicationComponent(UserACL.class);
> Iterator<PortalConfig> iterPortals = tempArrayList.iterator();
> PortalConfig portalConfig;
> while (iterPortals.hasNext())
> {
> portalConfig = iterPortals.next();
> if (!userACL.hasEditPermission(portalConfig))
> {
> iterPortals.remove();
> }
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the gatein-issues
mailing list