You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2006/12/26 17:43:09 UTC

[jira] Updated: (CONTINUUM-1082) Projects are visible to users with no roles

     [ http://jira.codehaus.org/browse/CONTINUUM-1082?page=all ]

Wendy Smoak updated CONTINUUM-1082:
-----------------------------------

          Description: 
I first noticed this with the guest/unauthenticated user, because you can see everything from project groups down to build results without logging in.

http://www.nabble.com/Projects-are-visible-to-a-guest-user-with-no-roles-t2873616.html

It's the same with any other user.  

Project Groups (and the projects within them) should not be visible at all unless the user has the "Project User" role for that group.

(If the user has no roles, it would be nice to display a helpful message rather than an empty list of Project Groups.)

  was:

I first noticed this with the guest/unauthenticated user, because you can see everything from project groups down to build results without logging in.

http://www.nabble.com/Projects-are-visible-to-a-guest-user-with-no-roles-t2873616.html

It's the same with any other user.  

Project Groups (and the projects within them) should not be visible at all unless the user has the "Project User" role for that group.

(If the user has no roles, it would be nice to display a helpful message rather than an empty list of Project Groups.)

    Affects Version/s: 1.1

> Projects are visible to users with no roles
> -------------------------------------------
>
>                 Key: CONTINUUM-1082
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1082
>             Project: Continuum
>          Issue Type: Bug
>          Components: Web - Security
>    Affects Versions: 1.1
>            Reporter: Wendy Smoak
>
> I first noticed this with the guest/unauthenticated user, because you can see everything from project groups down to build results without logging in.
> http://www.nabble.com/Projects-are-visible-to-a-guest-user-with-no-roles-t2873616.html
> It's the same with any other user.  
> Project Groups (and the projects within them) should not be visible at all unless the user has the "Project User" role for that group.
> (If the user has no roles, it would be nice to display a helpful message rather than an empty list of Project Groups.)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira