You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Randy Watler (JIRA)" <je...@jakarta.apache.org> on 2005/04/21 20:16:23 UTC
[jira] Created: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically
Cleanup PageManager to enforce Page/Folder security symmetrically
-----------------------------------------------------------------
Key: JS2-235
URL: http://issues.apache.org/jira/browse/JS2-235
Project: Jetspeed 2
Type: Task
Versions: 2.0-M3
Reporter: Randy Watler
Assigned to: Randy Watler
Priority: Minor
Fix For: 2.0-M3
PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.
Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org
[jira] Resolved: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically
Posted by "Randy Watler (JIRA)" <je...@portals.apache.org>.
[ http://issues.apache.org/jira/browse/JS2-235?page=all ]
Randy Watler resolved JS2-235:
------------------------------
Resolution: Fixed
Corrected in page manager component as part of JS2-69 portal-site component implementation.
> Cleanup PageManager to enforce Page/Folder security symmetrically
> -----------------------------------------------------------------
>
> Key: JS2-235
> URL: http://issues.apache.org/jira/browse/JS2-235
> Project: Jetspeed 2
> Type: Task
> Versions: 2.0-M3
> Reporter: Randy Watler
> Assignee: Randy Watler
> Priority: Minor
> Fix For: 2.0-M4
>
> PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.
> Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] Updated: (JS2-235) Cleanup PageManager to enforce Page/Folder security symmetrically
Posted by "Randy Watler (JIRA)" <je...@portals.apache.org>.
[ http://issues.apache.org/jira/browse/JS2-235?page=all ]
Randy Watler updated JS2-235:
-----------------------------
Fix Version: 2.0-M4
(was: 2.0-M3)
> Cleanup PageManager to enforce Page/Folder security symmetrically
> -----------------------------------------------------------------
>
> Key: JS2-235
> URL: http://issues.apache.org/jira/browse/JS2-235
> Project: Jetspeed 2
> Type: Task
> Versions: 2.0-M3
> Reporter: Randy Watler
> Assignee: Randy Watler
> Priority: Minor
> Fix For: 2.0-M4
>
> PageManager and related implementations do not enforce Page/Folder security constraints/permissions consistantly across all APIs. PageManager.getFolder() and PageManager.newPage() probably need to restrict VIEW and EDIT access assuming an end user is attempting to perform these operations as part of a site management/customization process.
> Will need to review site admin portlets to ensure that tightened APIs do not hinder operation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org