Page manipulations are unchecked
--------------------------------
Key: RAVE-298
URL: https://issues.apache.org/jira/browse/RAVE-298
Project: Rave
Issue Type: Bug
Affects Versions: 0.4-INCUBATING
Reporter: Jasha Joachimsthal
Priority: Critical
Currently it's possible to add/move/delete a widget on a page that does not
belong to the logged in user by changing request parameters or the id in the
url. Checks must be added to page and widget manipulations if the user that
does the manipulations are performed by the owner.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
