[jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-2114) Feeds should honor access levels
Christian Bauer (JIRA)
jira-events at lists.jboss.org
Fri Nov 9 10:03:44 EST 2007
[ http://jira.jboss.com/jira/browse/JBSEAM-2114?page=all ]
Christian Bauer closed JBSEAM-2114.
-----------------------------------
Fix Version/s: 2.0.1.GA
Resolution: Done
Feeds and feed entries are now completely permissioned, access level of the currently logged in user (Basic HTTP auth for FeedServlet) are honored.
> Feeds should honor access levels
> --------------------------------
>
> Key: JBSEAM-2114
> URL: http://jira.jboss.com/jira/browse/JBSEAM-2114
> Project: JBoss Seam
> Issue Type: Feature Request
> Components: Wiki
> Reporter: Christian Bauer
> Assigned To: Christian Bauer
> Fix For: 2.0.1.GA
>
>
> The FeedDAO uses the restrictedEntityManager but there are no access permission checks on the feed entries. This might require an additional READ_ACCESS_LEVEL column on the feed entry table. Currently anyone can access a feed if they know the identifier, even if they have no permission to access the directory/documents!
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list