[ http://jira.codehaus.org/browse/CONTINUUM-1147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Odea Ching updated CONTINUUM-1147:
----------------------------------------
Attachment: CONTINUUM-1147-continuum-webapp.patch
Attached patch for this issue. Thanks!
An abstract class that performs authorization checks was created. The action
classes implement an isAuthorized() method that invokes the appropriate
isAuthorized***() method for the action. When the permission is not authorized,
the user will be redirected to the accessDenied page. If the action fails
authentication, the user will be redirected to the login page.
> Even if a user doesn't show a group in the group summary (because he doesn't
> have roles), he can access to the project group page and all other sub pages
> if he knows the url
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CONTINUUM-1147
> URL: http://jira.codehaus.org/browse/CONTINUUM-1147
> Project: Continuum
> Issue Type: Bug
> Components: Security
> Reporter: Maria Odea Ching
> Assigned To: Maria Odea Ching
> Attachments: CONTINUUM-1147-continuum-webapp.patch
>
>
--
This message is automatically generated by JIRA.
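
The pattern described in the comment above, as an added sketch that is not the attached patch or Continuum's own code: a base action runs the authorization check on every request, so knowing a URL is not enough to reach the page. Every class, method, permission and result name other than isAuthorized() is hypothetical, and the session model is constructed for the example.

```java
import java.util.Map;
import java.util.Set;

// Added sketch, not Continuum code. All names except isAuthorized() are hypothetical.
public class AuthzSketch {
    static class AuthenticationRequired extends Exception {}
    static class AuthorizationRequired extends Exception {}

    // Constructed session model: user is null when nobody is logged in.
    record Session(String user, Map<String, Set<String>> permsByGroup) {}

    abstract static class SecuredAction {
        protected final Session session;
        SecuredAction(Session session) { this.session = session; }

        // Each concrete action states which permission it needs.
        protected abstract void isAuthorized() throws AuthenticationRequired, AuthorizationRequired;
        protected abstract String doExecute();

        // Template method: the check cannot be skipped by requesting the URL directly.
        public final String execute() {
            try {
                isAuthorized();
            } catch (AuthenticationRequired e) {
                return "login";          // assumed result name for the login page
            } catch (AuthorizationRequired e) {
                return "accessDenied";   // assumed result name for the accessDenied page
            }
            return doExecute();
        }

        // Authentication is tested first, then the per-group permission (deny by default).
        protected void requirePermission(String groupId, String permission)
                throws AuthenticationRequired, AuthorizationRequired {
            if (session.user() == null) throw new AuthenticationRequired();
            Set<String> perms = session.permsByGroup().getOrDefault(groupId, Set.of());
            if (!perms.contains(permission)) throw new AuthorizationRequired();
        }
    }

    static class ViewGroupAction extends SecuredAction {
        private final String groupId;
        ViewGroupAction(Session s, String groupId) { super(s); this.groupId = groupId; }
        @Override protected void isAuthorized() throws AuthenticationRequired, AuthorizationRequired {
            requirePermission(groupId, "view-group");
        }
        @Override protected String doExecute() { return "success"; }
    }

    public static void main(String[] args) {
        Session anonymous = new Session(null, Map.of());
        Session noRoles = new Session("bob", Map.of());
        Session member = new Session("alice", Map.of("g1", Set.of("view-group")));
        for (Session s : new Session[] { anonymous, noRoles, member })
            System.out.println(s.user() + " -> " + new ViewGroupAction(s, "g1").execute());
    }
}
```

The second session is the case from the issue title: a logged-in user with no roles on the group who requests the group page by URL.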