[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2114) Feeds should honor access levels

Christian Bauer (JIRA) jira-events at lists.jboss.org
Fri Nov 9 10:03:44 EST 2007

     [ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]

Christian Bauer closed JBSEAM-2114.

    Fix Version/s: 2.0.1.GA
       Resolution: Done

Feeds and feed entries are now completely permissioned, access level of the currently logged in user (Basic HTTP auth for FeedServlet) are honored.

> Feeds should honor access levels
> --------------------------------
>                 Key: JBSEAM-2114
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Wiki
>            Reporter: Christian Bauer
>         Assigned To: Christian Bauer
>             Fix For: 2.0.1.GA
> The FeedDAO uses the restrictedEntityManager but there are no access permission checks on the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed entry table. Currently anyone can access a feed if they know the identifier, even if they have no permission to access the directory/documents!

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list