Pdisplay: no virtual site/domain filtering: users can see operations for all
sites even if they do not have the rights
----------------------------------------------------------------------------------------------------------------------
Key: SENSEI-129
URL: http://www.jahia.net/jira/browse/SENSEI-129
Project: Jahia Workflows
Issue Type: Bug
Affects Versions: Workflow 6.0 (Beta)
Environment: 23754
Reporter: Stephane Croisier
Assignee: Thomas Draier
Fix For: Workflow 6.0 (Andromeda)
Attachments: screenshot-1.jpg
I imported the online demo on a first site. I valdiated everything. I created a
second site (same template set) and I copy-pasted one section on the other
newly created site.
On the first site with a steven user (inexisting on the second site), I could
see the copy/paste operation to the second virtual site. I workflowted this
section on the second site witrh root. Steven could see the workflow operation.
I remove all access to guest on the section in order to be sure that my steven
access could not access to this section on my second site. Steven could still
see the workflow batch report and its content on the first site.
So first of all a column is missing in order to filter operations according the
virtual site.
Then even by removing all ACLs (guest by default) on the destination, my user
steven on the other site could still access to the workflow batch report of
restricted pages. Such workflow batch report should take care of users
permissions and should not display confidential pages.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://www.jahia.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
jira_list mailing list
jira_list@jahia.org
http://lists.jahia.org/cgi-bin/mailman/listinfo/jira_list
