[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1239) page level security not honored in the navigation system

Thomas Heute (JIRA) jira-events at lists.jboss.org
Wed Apr 25 08:00:30 EDT 2007 

    [ http://jira.jboss.com/jira/browse/JBPORTAL-1239?page=comments#action_12360441 ] 
            
Thomas Heute commented on JBPORTAL-1239:
----------------------------------------

What i did to test:

Changed the default portal level from view-recursive to view (only) for users of the unchecked role.
Change the default page of the default portal to view (only) for users of the unchecked role.

Test and News pages won't get displayed in the tabs. (since i didn't add a view authorization).

PS: The other remark has nothing to do in Jira, please use the forums. By the way i have this in the pipe already (Writing doco on how to change the header tabs and links).

> page level security not honored in the navigation system
> --------------------------------------------------------
>
>                 Key: JBPORTAL-1239
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1239
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal Security
>    Affects Versions: 2.6.CR1, 2.6.Beta1
>         Environment: Windows XP
>            Reporter: Stephen Westbom
>         Assigned To: Thomas Heute
>             Fix For: 2.6.Beta1
>
>
> In 2.4 sp1 pages are checked for security before being displayed as a tab in the navigation using this jsp:
> jboss-portal.sar\portal-core.war\WEB-INF\jsp\catalog\index.jsp
> This seems to be handled by the psib request parameter (a map). In 2.4 the map only gives you PortalNodeURLs that you have permissions on, in all the 2.6 versions you get all the siblingURLs (your term in the JSP page) regardless of the permission settings in the {project name}_object.xml
> Can this be fixed so that the psib parameter only gives you a handle to a map that gives you objects you have permissions to see?
> Thanks
> Stephen

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list