[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-1474) Portal Page "view" and "viewrecursive" are equivilent.
Andrew Oliver (JIRA)
jira-events at lists.jboss.org
Tue Jun 5 16:44:12 EDT 2007
Portal Page "view" and "viewrecursive" are equivilent.
--------------------------------------------------------
Key: JBPORTAL-1474
URL: http://jira.jboss.com/jira/browse/JBPORTAL-1474
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal Security
Affects Versions: 2.4.1 SP1
Reporter: Andrew Oliver
Assigned To: Julien Viet
Create a Page, set that page to no unchecked actions and user "view". Add a CMSPortlet instance called whatever you like. Set that instance on the page to no permissions or only admin view. Log in as a plain user. The user can see the portlet if he can see the page even though the page is view and he has no permission to view that particular portlet. Thus it is not clear how you'd secure an individual portlet independent of page security.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list