[
https://issues.apache.org/jira/browse/RAVE-859?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Sharples updated RAVE-859:
-------------------------------
Attachment: rave-project.patch
In JpaPageRepository the method "deletePages" operates on a resultset obtained
from the named query "JpaPageUser.GET_BY_USER_ID_AND_PAGE_TYPE".
That query is used in a few other places - to get all the pages for a user in
the page controller for example (to show owned & shared pages alongside each
other). However, when deleting pages it should check to see if the page is
owned by this user or not before actually deleting it. (If the user is not the
owner, remove the pageUser entry from the page instead, preserving the original
page object)
I've attached a small patch.
> Deleting a user who has pages shared with, but is not the owner, also deletes
> those shared pages
> ------------------------------------------------------------------------------------------------
>
> Key: RAVE-859
> URL: https://issues.apache.org/jira/browse/RAVE-859
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.18
> Reporter: Ate Douma
> Attachments: rave-project.patch
>
>
> Reproduction path:
> - as canonical create a page 'test' and share it with john.doe (read-only or
> with permissions)
> - as john.doe accept the shared 'test' page
> - as canonical (or any admin) delete the user john.doe
> - the canonical owned page 'test' also is deleted
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
