You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Janne Jalkanen (JIRA)" <ji...@apache.org> on 2009/02/17 19:58:59 UTC
[jira] Created: (JSPWIKI-510) SearchManager.JSONSearch.findPages()
does not honor ACLs
SearchManager.JSONSearch.findPages() does not honor ACLs
--------------------------------------------------------
Key: JSPWIKI-510
URL: https://issues.apache.org/jira/browse/JSPWIKI-510
Project: JSPWiki
Issue Type: Bug
Affects Versions: 2.8.1
Reporter: Janne Jalkanen
Fix For: 2.8.2, 3.0
Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages()
does not honor ACLs
Posted by Andrew Jaquith <an...@gmail.com>.
Yes, this should be 3.0.
On Tue, Nov 10, 2009 at 3:21 PM, Harry Metske (JIRA) <ji...@apache.org> wrote:
>
> [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776062#action_12776062 ]
>
> Harry Metske commented on JSPWIKI-510:
> --------------------------------------
>
> I think so, but I like to hear Andrew's opinion.
> If Stripes is the intended solution we should bump it to 3.0, right ?
>
>> SearchManager.JSONSearch.findPages() does not honor ACLs
>> --------------------------------------------------------
>>
>> Key: JSPWIKI-510
>> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>> Project: JSPWiki
>> Issue Type: Bug
>> Affects Versions: 2.8.1
>> Reporter: Janne Jalkanen
>> Fix For: 2.8.3, 3.0
>>
>>
>> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Andrew Jaquith (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710201#action_12710201 ]
Andrew Jaquith commented on JSPWIKI-510:
----------------------------------------
The AJAX search feature should be replaced by a simpler method that uses ActionBeans. Stripes has good support for streaming JavaScript resolutions. I haven't had time to dig into how to do this, but it should be quite straightforward:
http://www.stripesframework.org/display/stripes/AJAX
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Kurt Stein (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688241#action_12688241 ]
Kurt Stein commented on JSPWIKI-510:
------------------------------------
I am waiting for aprovement of JSPWIKI-498. ;-)
I have a few search issues(JSPWIKI-441) in the pipe and don't want to handle to much different code in my workspace. Its simply to difficult to create a patch.
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.2, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Harry Metske (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710194#action_12710194 ]
Harry Metske commented on JSPWIKI-510:
--------------------------------------
The problem here I think is (compared to Search.jsp and AjaxSearch.jsp) that we cannot just check the page permissions.
To check the pagepermission ( AuthorizationManager.checkPermission() ) we need at least a WikiSession which is not available at this point.
There is also no obvious way to get the WikiContext or HttpServletRequest.
Any suggestions on the solution approach ?
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JSPWIKI-510) SearchManager.JSONSearch.findPages()
does not honor ACLs
Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Janne Jalkanen updated JSPWIKI-510:
-----------------------------------
Fix Version/s: (was: 2.8.2)
2.8.3
Bumping to 2.8.3
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JSPWIKI-510) SearchManager.JSONSearch.findPages()
does not honor ACLs
Posted by "Andrew Jaquith (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Jaquith resolved JSPWIKI-510.
------------------------------------
Resolution: Fixed
Assignee: Andrew Jaquith
Fixed in 3.0.0-svn-207.
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Assignee: Andrew Jaquith
> Fix For: 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Harry Metske (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688050#action_12688050 ]
Harry Metske commented on JSPWIKI-510:
--------------------------------------
not me
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.2, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JSPWIKI-510) SearchManager.JSONSearch.findPages()
does not honor ACLs
Posted by "Harry Metske (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harry Metske updated JSPWIKI-510:
---------------------------------
Fix Version/s: (was: 2.8.3)
Bumping to 3.0, Stripes to the rescue.......
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Harry Metske (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776062#action_12776062 ]
Harry Metske commented on JSPWIKI-510:
--------------------------------------
I think so, but I like to hear Andrew's opinion.
If Stripes is the intended solution we should bump it to 3.0, right ?
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688048#action_12688048 ]
Janne Jalkanen commented on JSPWIKI-510:
----------------------------------------
Has anybody looked into this?
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.2, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776039#action_12776039 ]
Janne Jalkanen commented on JSPWIKI-510:
----------------------------------------
Hey, before we release 2.8.3, what shall we do with this? Bump to 2.8.4?
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.