[
https://issues.jboss.org/browse/GTNPORTAL-1008?page=com.atlassian.jira.pl...
]
Michal Vanco commented on GTNPORTAL-1008:
-----------------------------------------
This issue needs attention (fix version wasn't set properly).
Another related bug is that not only gadget permission is ignored, but also a category
(with limited access) with any gadget is visible to all users on dashboard.
Gadget permissions are not working correctly (gagdet with restricted
access in the AppReg are visible)
------------------------------------------------------------------------------------------------------
Key: GTNPORTAL-1008
URL:
https://issues.jboss.org/browse/GTNPORTAL-1008
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: 3.0.0-GA
Reporter: Tugdual Grall
Assignee: Minh Hoang TO
Fix For: 3.2.0-M02
Original Estimate: 6 hours
Remaining Estimate: 6 hours
When in the App registry a gadget as been set to visible only to a restricted audience
this permission is not used when in the portlet/gadget catalog.
Use case:
1- Connect as Root
2- Go in the App Registry
3- Select one gadget, for example ToDo
4- Set the permission to /platform/administrators usrs
5- log out
6- connect as mary/gtn
7- go to your dashboard
8- click add gadget:
9 - BUG: you can see the ToDo Gadget and you can add it to the page ( You are not
supposed to)
10 - Edit your page
11- Click on Gadget:
12- BUG: you can see the ToDo gadget (same bug as before)
13-BUG Add it on the page, you can drop it but it wil not be visible (protected content)
since you are not allowed to do it.
FIX: we need to hide the gadget from the catalog when the permissions are set.
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira