You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "Randy Watler (JIRA)" <je...@portals.apache.org> on 2005/05/25 01:08:53 UTC

[jira] Updated: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically

     [ http://issues.apache.org/jira/browse/JS2-235?page=all ]

Randy Watler updated JS2-235:
-----------------------------

    Fix Version: 2.0-M4
                     (was: 2.0-M3)

> Cleanup PageManager to enforce Page/Folder security symmetrically
> -----------------------------------------------------------------
>
>          Key: JS2-235
>          URL: http://issues.apache.org/jira/browse/JS2-235
>      Project: Jetspeed 2
>         Type: Task
>     Versions: 2.0-M3
>     Reporter: Randy Watler
>     Assignee: Randy Watler
>     Priority: Minor
>      Fix For: 2.0-M4

>
> PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.
> Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org