Martin Hesse created ISIS-2700:
----------------------------------
Summary: Veto Viewing permission for Type not honored
Key: ISIS-2700
URL: https://issues.apache.org/jira/browse/ISIS-2700
Project: Isis
Issue Type: Bug
Components: Isis Extensions SecMan, Isis Viewer Wicket
Affects Versions: 2.0.0-M5
Reporter: Martin Hesse
A permission that vetoes the viewing of a type (such as in the example below)
is not fully honored. In this concrete case a user that is being assigned a
role with this permission (and no other roles with any permission that would
contradict this permission) could still navigate to an entity page of a
ApplicationUser and would see the title and the the icon and perhaps an empty
metadata tab.
The expected behavior would be the display of an error message saying "Not
authorized or no such object".
!image-2021-05-26-15-12-23-848.png|width=720,height=144!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
