[jboss-jira] [JBoss JIRA] Updated: (JBPORTAL-1239) page level security not honored in the navigation system
Stephen Westbom (JIRA)
jira-events at lists.jboss.org
Thu Feb 15 10:01:32 EST 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-1239?page=all ]
Stephen Westbom updated JBPORTAL-1239:
--------------------------------------
RU on the alpha2 build or trunk? I tried Admin on the test page to no avail (tried it by setting overwrite in default_object.xml for the test), then verified it in the DB just to make sure it was set correctly in JBP_OBJECT_NODE_SEC. No workie!
Will try it with this morning's trunk build and let you know. (Inadvertent fix?)
> page level security not honored in the navigation system
> --------------------------------------------------------
>
> Key: JBPORTAL-1239
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1239
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal Security
> Affects Versions: 2.6.Alpha2
> Environment: Windows XP
> Reporter: Stephen Westbom
> Assigned To: Julien Viet
>
> In 2.4 sp1 pages are checked for security before being displayed as a tab in the navigation using this jsp:
> jboss-portal.sar\portal-core.war\WEB-INF\jsp\catalog\index.jsp
> This seems to be handled by the psib request parameter (a map). In 2.4 the map only gives you PortalNodeURLs that you have permissions on, in all the 2.6 versions you get all the siblingURLs (your term in the JSP page) regardless of the permission settings in the {project name}_object.xml
> Can this be fixed so that the psib parameter only gives you a handle to a map that gives you objects you have permissions to see?
> Thanks
> Stephen
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list