You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2009/05/17 13:49:47 UTC
[jira] Commented: (JSPWIKI-510)
SearchManager.JSONSearch.findPages() does not honor ACLs
[ https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710194#action_12710194 ]
Harry Metske commented on JSPWIKI-510:
--------------------------------------
The problem here I think is (compared to Search.jsp and AjaxSearch.jsp) that we cannot just check the page permissions.
To check the pagepermission ( AuthorizationManager.checkPermission() ) we need at least a WikiSession which is not available at this point.
There is also no obvious way to get the WikiContext or HttpServletRequest.
Any suggestions on the solution approach ?
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.