[
http://jira.magnolia-cms.com/browse/MAGNOLIA-2674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philipp Bärfuss resolved MAGNOLIA-2674.
---------------------------------------
Resolution: Fixed
For time being we accept that fix as it solves related issues. I have created a
wiki page on which I started to collect security/ACL related issues.
http://wiki.magnolia-cms.com/display/DEV/Concept+Security+and+ACLs
> User permissions are not checked consistently when removing node data
> ---------------------------------------------------------------------
>
> Key: MAGNOLIA-2674
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2674
> Project: Magnolia
> Issue Type: Bug
> Components: core, security
> Affects Versions: 4.0.1, 3.6.5
> Reporter: Jan Haderka
> Assignee: Jan Haderka
> Priority: Critical
> Fix For: 3.6.x, 4.0.2, 4.1
>
>
> When removing node data using {{hm.getRoot().delete(String path)}} where
> {{path}} points to node data, the whole path is asserted when checking
> permissions as expected. However when removing very same node data using
> {{hm.getContent(String parentPath).deleteNodeData(String name)}} where
> {{parentPath + "/" + "name" == path}} the remove permission of the parent
> node is checked instead of remove permission of the node data.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
