[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2289) CMS security - disabling image visibility can lead into three different states

CMS security - disabling image visibility can lead into three different states ------------------------------------------------------------------------------ Key: JBPORTAL-2289 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2289 Project: JBoss Portal Issue Type: Bug Security Level: Public (Everyone can see) Components: Portal CMS Affects Versions: 2.7.1 Final Environment: lenovo t61, fedora 9, java 1.5 Reporter: Viliam Rockai Assignee: Sohil Shah Priority: Minor Fix For: 2.7.2 Final restricting an access to image in cms (security) can aim into three different states after the restrictions are set. steps: - login as admin/admin - goto admin->CMS - navigate to "default" folder and then to "images" folder - click on the "epp4.3.gif" file - in "select action" choose "secure" - set Administrators, admin in each box - click secure - click logout you are now at the default page and you should be able to see the picture - click refresh you now should not see the image - the link to the image is "broken" - click refresh you now see ERROR Cause: org.jboss.portal.cms.CMSException: Access to this resource is denied changes should go to epp branch, too. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira