[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2155) Any CMS user can access secured cms items through preview function
Martin Putz (JIRA)
jira-events at lists.jboss.org
Mon Sep 15 05:41:20 EDT 2008
Any CMS user can access secured cms items through preview function
------------------------------------------------------------------
Key: JBPORTAL-2155
URL: https://jira.jboss.org/jira/browse/JBPORTAL-2155
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal CMS
Affects Versions: 2.6.6 Final
Reporter: Martin Putz
Assignee: Sohil Shah
Any CMS user is allowed to use the preview function of the workflow if he
1. knows the deep link or
2. has the workflow manager role
but has no read, write nor manage privilieges for the corresponding cms item.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list