Team,

Ate found a situation where page security implemented in the PageManager
is causing a permitted page view to fail.

As some of you know the page layout portlet attempts to update the page
if it has had to adjust rows and columns while laying out the fragments.
This request is made via the PageManager, (David was not aware this was
being done, so perhaps someone can recall why this is being done at all)?

If the user does not have edit permission when the layout update is
requested, I was simply going to silently skip the persistent
update, leaving the transient edits in place. The problem with this is
that if a page owner comes back in later, the previous update will not
need to be done and thus the page update would not be done as intended
either.

I could:

- let the layout portlet simply skip the update,
- try to perform the update as admin by changing the login for the duration
of the update,
- add some kind of dirty flag to the page, or
- add an API to PageManager that allowed the usual security checks to be
skipped.

Thoughts?

Randy
