[MAGNOLIA-2982] security: find a better solution than using the /$ permission if a user can only see parts of the content Created: 21/Dec/09  Updated: 04/Nov/15  Resolved: 04/Nov/15

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Philipp Bärfuss Assignee: Philipp Bärfuss
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
depends upon MAGNOLIA-1555 security: acl should consider node types Closed
relation
is related to MGNLSTK-550 demo users: overwork the groups and r... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

If one wants to give access only to one of the subtrees, like /demo-project, one has also to give access to the root which can be done but then the user can read everything. The main problem is that one can't give access to one single page only (it always includes the subpages).

Today we solve that by using /$ which uses the fact that the AccessManager uses regular expressions. But this is also ugly because the system then creates the very weird permission /$/*.

Either the tree should be able to handle this implicitly (list all the children the user can see no matter if he has access to the root node) or find a solution for MAGNOLIA-1555.



 Comments   
Comment by Michael Mühlebach [ 04/Nov/15 ]

Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes.
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little movement.
I'm going to close this to set expectations so the issue doesn't stay open for years with few updates. If the issue is still relevant please feel free to reopen it or create a new issue.

Generated at Mon Feb 12 03:42:02 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.