Thanks Eric. I'll update the manual to make note of that behavior. Reflecting on it, closing down guest ability to edit portlet preferences might prevent some interesting feature capability in the future.
James Wennmacher - Unicon 480.558.2420 On 12/10/2014 10:40 AM, Eric Dalquist wrote: > The portlet preferences store explicitly was written to store prefs in > the session for users where isGuest returns true. > > On Wed Dec 10 2014 at 9:33:51 AM James Wennmacher > <[email protected] <mailto:[email protected]>> wrote: > > Sending to both uportal-dev and portlet-dev to insure anyone who might > be affected and want to contribute can. For discussion continuity I > suggest responding only on the uportal-dev user list. > > I just discovered that the Guest account has edit access to > portlets on > their layout (and soon with UP-4041 and related work portlets not on > their layout). You can duplicate this by putting a portlet such > as the > About College Life on the guest layout. The guest user can access the > Edit operation and page. > > From my experimentation it appears that any portlet preference > changes > are retained for the guest user's session and are not persisted to the > DB -- or at least it doesn't affect other simultaneous guest user > sessions or new guest user sessions. So it appears safe though I > won't > say I exhaustively tested it. > > Pros: > - Allows the guest user to change portlet / presentation options, such > as switching newsreader items from simple list to flyout for > example or > altering which data sources might display. > > Cons: > - Strikes me as unexpected behavior and to me a bit unintuitive > since I > am used to edit operations affecting the active user account. I > immediately had to test it to see if it was a bug that affected all > future or simultaneous guest sessions. > > Are there substantive use cases for retaining the current behavior? I > see some risk (what if the safety mechanisms stopped working) and > possibly added complexity (in preventing storage or storing in http > session as compared to not showing the link and/or preventing the > behavior even if the correct URL was entered). > > Should this be considered a bug or undesired behavior? I say yes. > > -- > James Wennmacher - Unicon > 480.558.2420 > > > -- > You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] > <mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/portlet-dev > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/portlet-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-dev
