[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2114) Feeds should honor access levels
[ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]
Christian Bauer closed JBSEAM-2114.
-----------------------------------
Fix Version/s: 2.0.1.GA
Resolution: Done
Feeds and feed entries are now completely permissioned, access level of the currently
logged in user (Basic HTTP auth for FeedServlet) are honored.
Feeds should honor access levels
--------------------------------
Key: JBSEAM-2114
URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
Project: JBoss Seam
Issue Type: Feature Request
Components: Wiki
Reporter: Christian Bauer
Assigned To: Christian Bauer
Fix For: 2.0.1.GA
The FeedDAO uses the restrictedEntityManager but there are no access permission checks on
the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed
entry table. Currently anyone can access a feed if they know the identifier, even if they
have no permission to access the directory/documents!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira