Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-2982

security: find a better solution than using the /$ permission if a user can only see parts of the content

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Do
    • Neutral
    • None
    • None
    • security
    • None

    Description

      If one wants to give access only to one of the subtrees, like /demo-project, one has also to give access to the root which can be done but then the user can read everything. The main problem is that one can't give access to one single page only (it always includes the subpages).

      Today we solve that by using /$ which uses the fact that the AccessManager uses regular expressions. But this is also ugly because the system then creates the very weird permission /$/*.

      Either the tree should be able to handle this implicitly (list all the children the user can see no matter if he has access to the root node) or find a solution for MAGNOLIA-1555.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                pbaerfuss Philipp Bärfuss
                pbaerfuss Philipp Bärfuss
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Task DoD