[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2289) CMS security - disabling image visibility can lead into three different states

[Viliam Rockai (JIRA)]

CMS security - disabling image visibility can lead into three different states
------------------------------------------------------------------------------

                 Key: JBPORTAL-2289
                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2289
             Project: JBoss Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Portal CMS
    Affects Versions: 2.7.1 Final
         Environment: lenovo t61, fedora 9, java 1.5
            Reporter: Viliam Rockai
            Assignee: Sohil Shah
            Priority: Minor
             Fix For: 2.7.2 Final


restricting an access to image in cms (security) can aim into three different states after the restrictions are set.

steps:
- login as admin/admin
- goto admin->CMS
- navigate to "default" folder and then to "images" folder
- click on the "epp4.3.gif" file
- in "select action" choose "secure"
- set Administrators, admin in each box
- click secure
- click logout

you are now at the default page and you should be able to see the picture

- click refresh

you now should not see the image - the link to the image is "broken"

- click refresh

you now see 
	
ERROR
Cause: org.jboss.portal.cms.CMSException: Access to this resource is denied 


changes should go to epp branch, too.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira