[magnolia-dev] [JIRA] (MGNLWORKFLOW-179) Any user can launch a workflow regardless of their permissions

[JIRA (on behalf of Federico Grilli)]

Federico Grilli updated MGNLWORKFLOW-179 Any user can launch a workflow regardless of their permissions Change By: Federico Grilli (11/Dec/13 11:10 AM) Description: As long as a workflow action is available in the UI, there's no security check regarding the grants owned by the current user. The basic rule should be "user has Read+Write grants on the workflow workspace AND has at least Read grant on the node they're trying to publish  is located .

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

---

----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------