[magnolia-dev] [JIRA] Updated: (MGNLDATA-24) functions should be hidden based on user's permissions

Mon, 28 Jul 2008 04:23:21 -0700 

     [ 
http://jira.magnolia.info/browse/MGNLDATA-24?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gregory Joseph updated MGNLDATA-24:
-----------------------------------

    Fix Version/s: 1.2.1

> functions should be hidden based on user's permissions
> ------------------------------------------------------
>
>                 Key: MGNLDATA-24
>                 URL: http://jira.magnolia.info/browse/MGNLDATA-24
>             Project: Magnolia Data Module
>          Issue Type: Bug
>    Affects Versions: 1.1
>         Environment: local as well as http://demoauthor.magnolia.info/
>            Reporter: Wolfgang Habicht
>            Assignee: Philipp Bracher
>             Fix For: 1.2.1
>
>         Attachments: GenericDataAdminTreeConfig.java.patch, 
> TypeAdminTreeConfig.java.patch
>
>
> access-rights are incorrect
> It seems that a user can modify the data repository even without having the 
> correct permissions. However changes will not succeed.
> Too many options ('New Folder', 'New Item', 'Delete all', ...) are enabled.
> reproducibility:
> log in as administrator
> create new role 'test' and configure as following:
>   Config: read only (selected and sub nodes) to 
> /modules/adminInterface/config/menu/data
>   Data: read only (selected and sub nodes) to /example
>   URL: get & post to /*
> create new user 'dummy':
>   set only role /test
> log out, log in as dummy
> select in the menu 'Example' (in the only section Data)
> --> I get the options 'New Folder', 'New Item', 'Delete all', 'Activate all' 
> and 'Deactivate all'
> --> at least 'New Folder', 'New Item' and 'Delete all' should not be 
> activated, since read-only is configured
> Click on 'New Item' --> the edit Window opens
>   enter name and comment
>   click on 'Save' --> the window reloads, but does not close. Also the entry 
> is not saved.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------

Reply via email to