[jira] Commented: (JS2-595) allow end users to customize their user based default pages, but no allow them to add administrative portlets

[David Sean Taylor (JIRA)]

    [ 
http://issues.apache.org/jira/browse/JS2-595?page=comments#action_12440924 ] 
            
David Sean Taylor commented on JS2-595:
---------------------------------------

What roles do your users have?

The portlet selector will filter the list of portlets using security 
permissions checks.
You can view and change your Security Permissions using a new "Permissions" 
administrative portlet in the latest 2.1-dev head.

By default, in order to see an Administrative portlets ("j2-admin::*" in the 
portlet selector, your user must have the "admin" role


> allow end users to customize their user based default pages, but no allow 
> them to add administrative portlets
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: JS2-595
>                 URL: http://issues.apache.org/jira/browse/JS2-595
>             Project: Jetspeed 2
>          Issue Type: Wish
>          Components: Admin Portlets
>    Affects Versions: 2.1
>         Environment: windows 
>            Reporter: Scott Taylor
>
> I would like (and this may be possible and just improperly configured) to 
> allow all of my users to edit their personal default .psml pages.  However, 
> the customizer allows them to select the administrative portlets also (ie 
> PAM, PALM, others you don't want the masses to have access to).  Since this 
> selection aggregates a new .psml page (or alters the existing) the portlets 
> are added from the portlet level, defeating security constraints (since they 
> are not coded at the portlet level, but at the .psml level.  I understand the 
> need for the customizer to see these portlets, although I personally could 
> handle removing them from the selection and forcing hard-coding of the 
> particular portlets due to their capabilities.
> Is there a fix for this, or some way to alter the customizer to only select 
> portlets from certain WAR's (short of rewriting the customizer).  The 
> portlet-selector.vm page has some code, but it appears to be pulling from 
> another component for db access.  Again, I would prefer to not crack into the 
> guts of the admin portlets if possible.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]