![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Affects Versions:
|
3.3 |
|
Assignee:
|
Christoph Meier
|
|
Components:
|
security |
|
Created:
|
28/Apr/14 12:08 PM
|
|
Description:
|
Since commenting is (or should be) possible for anonmyous user, anonmyous user should be allowed to create a thread. (When entering the 1st comment to a page, a thread-node is created in the pagecommenting-Forum-Node).
Note, that anonymous-user has the role "forum-pagecomments-user" - which should be sufficient to cretae the thread.
This worked "before"; but it has changed with the very last changes done on MGNLFORUM-253 (which is related to the "simple security model" on forum which was introduced with forum-3.3)
See DefaultForumManager#createThread.
It calls isModerator(hm,forum) which prevents anonymous-user to create the thread.
isModerator
also should log, if it returns false.
|
|
Fix Versions:
|
3.3.x, 3.4 |
|
Project:
|
Magnolia Forum Module
|
|
Priority:
|
![Blocker]() Blocker
|
|
Reporter:
|
Christoph Meier
|
|
Security Level:
|
Public |
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <
[email protected]>
----------------------------------------------------------------
