[ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]
Christian Bauer updated JBSEAM-2114:
------------------------------------
Summary: Feeds should honor access levels (was: Feed servlet does not filter access level)
Issue Type: Feature Request (was: Bug)
This is not really a bug because only GUEST_ACCESS_LEVEL documents are ever pushed onto
feeds. However, for the forum we need permissions on feeds anyway, so I'm going to
implement HTTP authentication for any feed that is associated with a !guest-readable
directory. Feed readers seem to support authentication.
Feeds should honor access levels
--------------------------------
Key: JBSEAM-2114
URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
Project: JBoss Seam
Issue Type: Feature Request
Components: Wiki
Reporter: Christian Bauer
Assigned To: Christian Bauer
The FeedDAO uses the restrictedEntityManager but there are no access permission checks on
the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed
entry table. Currently anyone can access a feed if they know the identifier, even if they
have no permission to access the directory/documents!
--
This message is automatically generated by JIRA.
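The check this issue asks for, as an added example that is not code from the Seam wiki or from the issue's author: a feed request is challenged with HTTP Basic authentication when the feed is not guest-readable, and entries are filtered by a per-entry read access level. The class, record and method names, the numeric levels (higher means more privileged, guest is 0) and the sample users are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class FeedAccessExample {
    static final int GUEST_ACCESS_LEVEL = 0; // assumed value; the issue names the constant only

    record Entry(String title, int readAccessLevel) {}
    record Feed(int readAccessLevel, List<Entry> entries) {}
    record User(String password, int accessLevel) {}      // constructed; a real store holds password hashes
    record Response(int status, List<String> titles) {}   // 401 stands for a WWW-Authenticate: Basic challenge

    // Returns the caller's access level, or -1 if credentials were sent but are invalid.
    static int accessLevel(String authorization, Map<String, User> users) {
        if (authorization == null) return GUEST_ACCESS_LEVEL;
        if (!authorization.startsWith("Basic ")) return -1;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6));
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');
            if (colon < 0) return -1;
            User user = users.get(pair.substring(0, colon));
            byte[] given = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
            if (user == null) return -1;
            // Constant-time comparison of the supplied and stored secret.
            boolean ok = MessageDigest.isEqual(given, user.password().getBytes(StandardCharsets.UTF_8));
            return ok ? user.accessLevel() : -1;
        } catch (IllegalArgumentException malformedBase64) {
            return -1;
        }
    }

    static Response serve(Feed feed, String authorization, Map<String, User> users) {
        int level = accessLevel(authorization, users);
        if (level < 0) return new Response(401, List.of());
        if (feed.readAccessLevel() > level)                // knowing the feed identifier is not enough
            return new Response(authorization == null ? 401 : 403, List.of());
        List<String> visible = new ArrayList<>();
        for (Entry e : feed.entries())                     // per-entry check, as a READ_ACCESS_LEVEL column would allow
            if (e.readAccessLevel() <= level) visible.add(e.title());
        return new Response(200, visible);
    }

    public static void main(String[] args) {
        Map<String, User> users = Map.of("member", new User("s3cret", 1));   // constructed sample data
        Feed forum = new Feed(1, List.of(new Entry("Member thread", 1), new Entry("Admin note", 5)));
        String auth = "Basic " + Base64.getEncoder().encodeToString("member:s3cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(serve(forum, null, users));     // anonymous request for a restricted feed
        System.out.println(serve(forum, auth, users));     // authenticated member
    }
}
```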