On 29 April 2010 10:02, Trong Tran <trongtt(a)gmail.com> wrote:
Hi Matthew,
On 29 April 2010 01:58, Matthew Wringe <mwringe(a)redhat.com> wrote:
> I created https://jira.jboss.org/jira/browse/GTNPORTAL-1137 but it seems
> like it might be somewhat working depending on what it actually means.
>
> What is the permission setting in application registry supposed to
> actually do? Is it supposed to prevent a user from accessing the content
> or to prevent a user from adding that type of portlet to a page?
>
It prevents a user from accessing the content.
>
> Each portlet or gadget can specify an 'access permission', but this
> doesn't seem to prevent users from viewing the application.
>
> What it does seem to do is if an unauthorized user tries to add this
> portlet to a page, they can add the portlet, they just can't view the
> added portlet on the page. This doesn't seem like expected behaviour
> either.
>
Now this behaviour is actually expected, unless we clearly re-define what it
should be.
About GTNPORTAL-1137:
+ *I can change the permission of a portlet and still have an unauthorized
user view its content*. This is considered a bug and we are checking it.
I cannot reproduce it. In my test, the unauthorized user cannot view the
content of a portlet if its access permission is set up.
+ *It does seem to prevent a user from viewing a gadget as a portlet on
the dashboard page, but they can still add the gadget as a gadget to the
dashboard page*. This behaviour is expected too, unless we re-define it :-)
--
Tran The Trong
eXo Platform SAS