[jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2114) Feeds should honor access levels

Christian Bauer (JIRA) jira-events at lists.jboss.org
Tue Nov 6 11:56:44 EST 2007

     [ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]

Christian Bauer updated JBSEAM-2114:

       Summary: Feeds should honor access levels  (was: Feed servlet does not filter access level)
    Issue Type: Feature Request  (was: Bug)

This is not really a bug because only GUEST_ACCESS_LEVEL documents are ever pushed onto feeds. However, for the forum we need permissions on feeds anyway, so I'm going to implement HTTP authentication for any feed that is associated with a !guest-readable directory. Feed readers seem to support authentication.

> Feeds should honor access levels
> --------------------------------
>                 Key: JBSEAM-2114
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Wiki
>            Reporter: Christian Bauer
>         Assigned To: Christian Bauer
> The FeedDAO uses the restrictedEntityManager but there are no access permission checks on the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed entry table. Currently anyone can access a feed if they know the identifier, even if they have no permission to access the directory/documents!

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list