You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "Randy Watler (JIRA)" <je...@jakarta.apache.org> on 2005/04/21 20:16:23 UTC

[jira] Created: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically

Cleanup PageManager to enforce Page/Folder security symmetrically
-----------------------------------------------------------------

         Key: JS2-235
         URL: http://issues.apache.org/jira/browse/JS2-235
     Project: Jetspeed 2
        Type: Task
    Versions: 2.0-M3    
    Reporter: Randy Watler
 Assigned to: Randy Watler 
    Priority: Minor
     Fix For: 2.0-M3


PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.

Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

[jira] Resolved: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically

Posted by "Randy Watler (JIRA)" <je...@portals.apache.org>.

     [ http://issues.apache.org/jira/browse/JS2-235?page=all ]
     
Randy Watler resolved JS2-235:
------------------------------

    Resolution: Fixed

Corrected in page manager component as part of JS2-69 portal-site component implementation.

> Cleanup PageManager to enforce Page/Folder security symmetrically
> -----------------------------------------------------------------
>
>          Key: JS2-235
>          URL: http://issues.apache.org/jira/browse/JS2-235
>      Project: Jetspeed 2
>         Type: Task
>     Versions: 2.0-M3
>     Reporter: Randy Watler
>     Assignee: Randy Watler
>     Priority: Minor
>      Fix For: 2.0-M4

>
> PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.
> Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

[jira] Updated: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically

Posted by "Randy Watler (JIRA)" <je...@portals.apache.org>.

     [ http://issues.apache.org/jira/browse/JS2-235?page=all ]

Randy Watler updated JS2-235:
-----------------------------

    Fix Version: 2.0-M4
                     (was: 2.0-M3)

> Cleanup PageManager to enforce Page/Folder security symmetrically
> -----------------------------------------------------------------
>
>          Key: JS2-235
>          URL: http://issues.apache.org/jira/browse/JS2-235
>      Project: Jetspeed 2
>         Type: Task
>     Versions: 2.0-M3
>     Reporter: Randy Watler
>     Assignee: Randy Watler
>     Priority: Minor
>      Fix For: 2.0-M4

>
> PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.
> Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org