On Thursday, January 9, 2003, at 02:46 PM, Michael McLawhorn wrote:
Hi,I thought that the <allow-if-owner> would handle this too.
Thanks for the feedback. I finally got 1.4b3 working by doing a fresh install and rolling my content into it. It's not 100% yet, but I'm getting close. However, my reason for making the upgrade was > this:
We're trying to develop a jetspeed toolkit for internal use by serparate development teams. However, right now any user can substitute someone else's username in the url for any Jetspeed actions and have free run of their portlets (assuming they are in the same group) reconfiguring them, viewing their output, etc. I thought the allow-if-owner security tag would fix this, but it doesn't seem to have done anything.
Does anyone know how I can get Jetspeed to refuse attempts by user X to hit portlets defined in user Y's default.psml when they are in the same group? Thank you.
Mike McLawhorn
Could you please log a detailed bug on this one:
http://www.bluesunrise.com/jetspeed-docs/ JetspeedTutorial.htm#_Toc26987081
Thanks,
David
--
David Sean Taylor
Bluesunrise Software
[EMAIL PROTECTED]
+01 707 773-4646
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
