You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2009/05/17 13:49:47 UTC

[jira] Commented: (JSPWIKI-510) SearchManager.JSONSearch.findPages() does not honor ACLs

    [ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710194#action_12710194 ] 

Harry Metske commented on JSPWIKI-510:
--------------------------------------

The problem here I think is (compared to Search.jsp and AjaxSearch.jsp) that we cannot just check the page permissions.
To check the pagepermission ( AuthorizationManager.checkPermission() ) we need at least a WikiSession which is not available at this point. 
There is also no obvious way to get the WikiContext or HttpServletRequest.

Any suggestions on the solution approach ?

> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
>                 Key: JSPWIKI-510
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-510
>             Project: JSPWiki
>          Issue Type: Bug
>    Affects Versions: 2.8.1
>            Reporter: Janne Jalkanen
>             Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.