On 29 April 2010 10:02, Trong Tran <trongtt@gmail.com> wrote:
Hi Matthew,

On 29 April 2010 01:58, Matthew Wringe <mwringe@redhat.com> wrote:
I created https://jira.jboss.org/jira/browse/GTNPORTAL-1137 but it seems
like it might be somewhat working depending on what it actually means.

What is the permission setting in application registry suppose to do
actually do? Is it suppose to prevent a user from accessing the content
or to prevent a user from adding that type of portlet to a page?

It prevents a user from accessing the content
 

Each portlet or gadget can specify a 'access permission', but this
doesn't seem to prevent users from viewing the application.

What it does seem to do is if an unauthorized user tries to add this
portlet to a page, they can add the portlet, they just can't view the
added portlet on the page. This doesn't seem like expected behaviour
either.

now this behaviour is expected actually except we re-define clearly what it should be

About the GTNPORTAL-1137 :
+ I can change the permission of a portlet and still have an unauthorized user view its content. This is considered as a bug and we are checking it

i can not reproduce it. in my test, the unauthorized user can not view the content of a portlet if its access permission is set up
 

+ It does seem to prevent a user from viewing a gadget as a portlet on the dashboard page, but they can still add the gadget as a gadget to the dashboard page. This behaviour is expected too except we re-define it :-)
 

_______________________________________________
gatein-dev mailing list
gatein-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/gatein-dev



--
Tran The Trong
eXo Platform SAS



--
Tran The Trong
eXo Platform SAS