[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1239) page level security not honored in the navigation system

[Stephen Westbom (JIRA)]

    [ http://jira.jboss.com/jira/browse/JBPORTAL-1239?page=comments#action_12360450 ] 
            
Stephen Westbom commented on JBPORTAL-1239:
-------------------------------------------

The default permissions on the default portal level seem to be view recursive.  Once I added in the view permission at the default portal level it did the right thing.  Can you create a sequence diagram for the navigation system and document the pieces?

> page level security not honored in the navigation system
> --------------------------------------------------------
>
>                 Key: JBPORTAL-1239
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1239
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal Security
>    Affects Versions: 2.6.CR1, 2.6.Beta1
>         Environment: Windows XP
>            Reporter: Stephen Westbom
>         Assigned To: Thomas Heute
>             Fix For: 2.6.Beta1
>
>
> In 2.4 sp1 pages are checked for security before being displayed as a tab in the navigation using this jsp:
> jboss-portal.sar\portal-core.war\WEB-INF\jsp\catalog\index.jsp
> This seems to be handled by the psib request parameter (a map). In 2.4 the map only gives you PortalNodeURLs that you have permissions on, in all the 2.6 versions you get all the siblingURLs (your term in the JSP page) regardless of the permission settings in the {project name}_object.xml
> Can this be fixed so that the psib parameter only gives you a handle to a map that gives you objects you have permissions to see?
> Thanks
> Stephen

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira