![]() |
|
|
|
|
Issue Type:
|
![Story]() Story
|
|
Assignee:
|
Christoph Meier
|
|
Components:
|
security |
|
Created:
|
05/Mar/14 5:12 PM
|
|
Description:
|
Forum on M4.5 had sophisticated security-model which cannot be properly used with current M5.
Bootstrap (originating from M4.5-version) installs these 4 roles.
1) forum-base
2) forum_ALL-user
3) forum_ALL-admin
4) forum_ALL-moderator
(2), (3) and (4) all come with an ACL-permission for the forum-workspace which M5-security-app cannot display correct (see screenshot) and is lost when someone is editing it.
Forum 3.3 should apply the following simple security model:
(a) role forum-base is required to access the forum-app
(b) to moderate (=> approve or reject a message) a user must have the role forum_ALL-moderator or forum_ALL-admin
(c) if a user has the above described permission to moderate a forum, he can moderate every forum
(a) is already done but probably arguable.
|
|
Fix Versions:
|
3.3 |
|
Project:
|
Magnolia Forum Module
|
|
Priority:
|
![Neutral]() Neutral
|
|
Reporter:
|
Christoph Meier
|
|
Security Level:
|
Public |
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <
[email protected]>
----------------------------------------------------------------
