Re: [gatein-dev] Permission in Application Registry
Hi Matthew,
On 29 April 2010 01:58, Matthew Wringe <mwringe(a)redhat.com> wrote:
I created https://jira.jboss.org/jira/browse/GTNPORTAL-1137 but it
seems
like it might be somewhat working depending on what it actually means.
What is the permission setting in application registry suppose to do
actually do? Is it suppose to prevent a user from accessing the content
or to prevent a user from adding that type of portlet to a page?
It prevents a user from accessing the content
Each portlet or gadget can specify a 'access permission', but this
doesn't seem to prevent users from viewing the application.
What it does seem to do is if an unauthorized user tries to add this
portlet to a page, they can add the portlet, they just can't view the
added portlet on the page. This doesn't seem like expected behaviour
either.
now this behaviour is expected actually except we re-define clearly what it
should be
About the GTNPORTAL-1137 :
+* I can change the permission of a portlet and still have an unauthorized
user view its content*. This is considered as a bug and we are checking it
+ *It does seem to prevent a user from viewing a gadget as a portlet on the
dashboard page, but they can still add the gadget as a gadget to the
dashboard page*. This behaviour is expected too except we re-define it :-)
_______________________________________________
gatein-dev mailing list
gatein-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev
--
Tran The Trong
eXo Platform SAS
Attachments:
- attachment.html (text/html — 2.4 KB)