[MAGNOLIA-2336] Access control lists from 3.0.2 - 3.5.8 Created: 20/Aug/08  Updated: 04/Nov/15  Resolved: 04/Nov/15

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.5.8
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Jon Larson Assignee: Philipp Bärfuss
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Hardware = HP DL380G4 (CPU=Dual Xeon 3Ghz, MEM=2G, Raid 5)
JDK 1.5
Tomcat 5.5.26
Magnolia 3.5.8 + Berkley connector


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

We are in the process of moving from 3.0.3 to 3.5.8. After the upgrade I noticed that our DMS acl's no longer worked "see below". In the past we have been able to restrict the access to delete folders but give the user the ability to add files to the folder. If a user has the ability to delete a folder it could be a disaster. Is there a way to allow users to add files to a folder without granting them read\write to selected and sub-nodes in the dms?

DMS-RW (Role)
/ readonly - selected and sub-nodes
/documents/2008-09 - read/write - sub-nodes



 Comments   
Comment by Magnolia International [ 20/Aug/08 ]

Jon, you probably wanted to report this as a support request? You already have a userid which has the appropriate permissions (jlarson), and you've already used the system (SUPPORT-9). Could you please recreate your issues there, so that we have all the appropriate information filled in correctly ? Thanks.

Comment by Magnolia International [ 20/Jan/09 ]

Philipp, I know we have a couple of issues related to ACLs - could you link this one to them ?
We need to work something with the patterns and/or have a delete permission next to r/w

Comment by Philipp Bracher [ 22/Jan/09 ]

I prefer to start this discussion on a wiki page. Doing this on jira issue level seams to me to much detailed.

I created a yet empty page: http://wiki.magnolia-cms.com/display/DEV/Concept+ACLs

Comment by Michael Mühlebach [ 04/Nov/15 ]

Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes.
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little movement.
I'm going to close this to set expectations so the issue doesn't stay open for years with few updates. If the issue is still relevant please feel free to reopen it or create a new issue.

Generated at Mon Feb 12 03:35:43 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.