You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Janne Jalkanen (JIRA)" <ji...@apache.org> on 2009/02/17 19:58:59 UTC

[jira] Created: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

SearchManager.JSONSearch.findPages() does not honor ACLs
--------------------------------------------------------

                 Key: JSPWIKI-510
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
             Project: JSPWiki
          Issue Type: Bug
    Affects Versions: 2.8.1
            Reporter: Janne Jalkanen
             Fix For: 2.8.2, 3.0


Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Re: [jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by Andrew Jaquith <an...@gmail.com>.

Yes, this should be 3.0.

On Tue, Nov 10, 2009 at 3:21 PM, Harry Metske (JIRA) <ji...@apache.org> wrote:
>
>    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776062#action_12776062 ]
>
> Harry Metske commented on JSPWIKI-510:
> --------------------------------------
>
> I think so, but I like to hear Andrew's opinion.
> If Stripes is the intended solution we should bump it to 3.0, right ?
>
>> SearchManager.JSONSearch.findPages() does not honor ACLs
>> --------------------------------------------------------
>>
>>                 Key: JSPWIKI-510
>>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>>             Project: JSPWiki
>>          Issue Type: Bug
>>    Affects Versions: 2.8.1
>>            Reporter: Janne Jalkanen
>>             Fix For: 2.8.3, 3.0
>>
>>
>> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Andrew Jaquith (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710201#action_12710201 ] 

Andrew Jaquith commented on JSPWIKI-510:
----------------------------------------

The AJAX search feature should be replaced by a simpler method that uses ActionBeans. Stripes has good support for streaming JavaScript resolutions. I haven't had time to dig into how to do this, but it should be quite straightforward:

http://www.stripesframework.org/display/stripes/AJAX

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Kurt Stein (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688241#action_12688241 ] 

Kurt Stein commented on JSPWIKI-510:
------------------------------------

I am waiting for aprovement of JSPWIKI-498. ;-)

I have a few search issues(JSPWIKI-441) in the pipe and don't want to handle to much different code in my workspace. Its simply to difficult to create a patch.

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.2, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Harry Metske (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710194#action_12710194 ] 

Harry Metske commented on JSPWIKI-510:
--------------------------------------

The problem here I think is (compared to Search.jsp and AjaxSearch.jsp) that we cannot just check the page permissions.
To check the pagepermission ( AuthorizationManager.checkPermission() ) we need at least a WikiSession which is not available at this point. 
There is also no obvious way to get the WikiContext or HttpServletRequest.

Any suggestions on the solution approach ?

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Janne Jalkanen updated JSPWIKI-510:
-----------------------------------

    Fix Version/s:     (was: 2.8.2)
                   2.8.3

Bumping to 2.8.3

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Andrew Jaquith (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Jaquith resolved JSPWIKI-510.
------------------------------------

    Resolution: Fixed
      Assignee: Andrew Jaquith

Fixed in 3.0.0-svn-207.

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>            Assignee: Andrew Jaquith
>             Fix For: 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Harry Metske (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688050#action_12688050 ] 

Harry Metske commented on JSPWIKI-510:
--------------------------------------

not me

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.2, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Harry Metske (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Harry Metske updated JSPWIKI-510:
---------------------------------

    Fix Version/s:     (was: 2.8.3)

Bumping to 3.0, Stripes to the rescue.......

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Harry Metske (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776062#action_12776062 ] 

Harry Metske commented on JSPWIKI-510:
--------------------------------------

I think so, but I like to hear Andrew's opinion.
If Stripes is the intended solution we should bump it to 3.0, right ?

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688048#action_12688048 ] 

Janne Jalkanen commented on JSPWIKI-510:
----------------------------------------

Has anybody looked into this?

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.2, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

Posted by "Janne Jalkanen (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12776039#action_12776039 ] 

Janne Jalkanen commented on JSPWIKI-510:
----------------------------------------

Hey, before we release 2.8.3, what shall we do with this? Bump to 2.8.4?

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.