Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 5.2.1
Affects Version/s: 5.2
Component/s: Base
Labels:
- security

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less

As long as a workflow action is available in the UI, there's no security check regarding the grants owned by the current user.
The basic rule should be "user has Read+Write grants on the workflow workspace AND has at least Read grant on the node they're trying to publish.

Acceptance criteria

is causing

MGNLUI-2510 UI shouldn't enable actions for which the user has no permissions

Closed

is related to

MGNLWORKFLOW-178 Workflow roles do not grant access to workflow workspace

Closed

Assignee:: Federico Grilli

Reporter:: Federico Grilli

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 10/Dec/13 6:47 PM

Updated:: 11/Dec/13 2:14 PM

Resolved:: 11/Dec/13 10:47 AM

Bug DoR

Task DoD

Details

Description

Checklists

Attachments

Issue Links

Activity

People

Dates

Checklists