[magnolia-dev] [JIRA] (MGNLWORKFLOW-179) Any user can launch a workflow regardless of their permissions

[JIRA (on behalf of Federico Grilli)]

Federico Grilli created MGNLWORKFLOW-179 Any user can launch a workflow regardless of their permissions Issue Type: Bug Affects Versions: 5.2 Assignee: Federico Grilli Created: 10/Dec/13 6:47 PM Description: As long as a workflow action is available in the UI, there's no security check regarding the grants owned by the current user. The basic rule should be "user has Read+Write grants on the workflow workspace AND has at least Read grant on the workspace where the node they're trying to publish is located. Fix Versions: 5.2.1 Project: Magnolia Workflow Module Priority: Critical Reporter: Federico Grilli

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

---

----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------