[ http://wso2.org/jira/browse/REGISTRY-45?page=all ]
Krishantha Samaraweera closed REGISTRY-45. ------------------------------------------ This is not a bug. Resources added after setting the "deny" permission should not be visible to user and existing resources will be visible.verification done and logic is working fine.So issue will be closed. > users who has no permission to read the content can be access to sub > directory level and download resource content > ------------------------------------------------------------------------------------------------------------------ > > Key: REGISTRY-45 > URL: http://wso2.org/jira/browse/REGISTRY-45 > Project: WSO2 Registry > Issue Type: Bug > Affects Versions: 0.1 > Environment: Ubuntu 7.10, JDK 1.5.0_08, tomcat 6.0.14, Firefox/2.0.0. > Reporter: Krishantha Samaraweera > Assigned To: Chathura Ekanayake > > How to recreate: > 1. login as admin > 2. deny read action from user level for a particular user. > 3. login as the user. > 4. upon login 404 unauthorized message will be show. > 5. now go to search activity > 6. do a all search > 7. access to sub directory resource path by clicking in to resource path link > 8. now you can down load any file > user level restricted read permission is checked only on root level. sub > directories can be accessed and read. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://wso2.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira _______________________________________________ Registry-dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/registry-dev
