[MAGNOLIA-2316] ACLs assigned directly to user are not used at runtime. Created: 12/Aug/08 Updated: 23/Jan/13 Resolved: 12/Aug/08 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 3.6.1 |
| Fix Version/s: | 3.6.2, 3.6.3 |
| Type: | Bug | Priority: | Major |
| Reporter: | Jan Haderka | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
The ACLs set directly on the user node are not added to the permission lists on login at the moment, which means they are never used during runtime. It can be easily tested by removing acl_roles children from any user ... after doing so, the user can still log in without any problems even though in theory (s)he no longer has rights to even read his/her own node data. |
| Comments |
| Comment by Jan Haderka [ 12/Aug/08 ] |
|
r17292 |