<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 01:48:20 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MGNLETK-85] Site security handling</title>
                <link>https://jira.magnolia-cms.com/browse/MGNLETK-85</link>
                <project id="10290" key="MGNLETK">Extended Templating Kit (closed)</project>
                    <description>&lt;p&gt;&lt;a href=&quot;http://wiki.magnolia-cms.com/display/DEV/Site+security+handling&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Concept page&lt;/a&gt; is suggesting URISecurityFilter should be extended to respect site security and prevent cross-site access. This filter should replace URISecurityFilter when STK is installed and is part of port/improve site-aware ACL - &lt;a href=&quot;https://jira.magnolia-cms.com/browse/MAGNOLIA-3914&quot; title=&quot;Site aware ACL - port&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MAGNOLIA-3914&quot;&gt;&lt;del&gt;MAGNOLIA-3914&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</description>
                <environment></environment>
        <key id="25072">MGNLETK-85</key>
            <summary>Site security handling</summary>
                <type id="4" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10890&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/major.svg">Major</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="ochytil">Ondrej Chytil</assignee>
                                    <reporter username="ochytil">Ondrej Chytil</reporter>
                        <labels>
                    </labels>
                <created>Wed, 15 Aug 2012 13:47:36 +0200</created>
                <updated>Mon, 8 Oct 2012 09:53:56 +0200</updated>
                            <resolved>Tue, 2 Oct 2012 11:37:09 +0200</resolved>
                                                    <fixVersion>2.0.5</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>0</watches>
                                                                                                                <comments>
                            <comment id="51229" author="had" created="Mon, 17 Sep 2012 13:06:50 +0200"  >&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;CrossSiteSecurityFilter.java:81
 Iterator&amp;lt;Domain&amp;gt; it = site.getDomains().iterator();
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;What happens when site doesn&apos;t have any domains defined? Is it guaranteed that &lt;tt&gt;Site&lt;/tt&gt; always returns a list and not null?&lt;/p&gt;

&lt;p&gt;Same class, bit further down:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;           &lt;span class=&quot;code-keyword&quot;&gt;while&lt;/span&gt;(it.hasNext()){
  84                 authorized = &lt;span class=&quot;code-keyword&quot;&gt;true&lt;/span&gt;;
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;You reset the authorized value on every iteration, completely discarding the result set by the previous check. Is that correct? If so, then the code should be structured differently to show it.&lt;/p&gt;

&lt;p&gt;Why is &lt;tt&gt;CrossSiteSecurityFilter&lt;/tt&gt; extending &lt;tt&gt;URISecurityFilter&lt;/tt&gt; in the first place? There should be only one filter that takes care of Site specific URIs and that&apos;s &lt;tt&gt;SiteSecurityFilter&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;ETKModuleVersionHandler&lt;/tt&gt; - I think that more important than to place &lt;tt&gt;crossSite&lt;/tt&gt; filter before &lt;tt&gt;uriSecurity&lt;/tt&gt; is to place it after &lt;tt&gt;channel&lt;/tt&gt; and &lt;tt&gt;multiSite&lt;/tt&gt; as those two manipulate site that &lt;tt&gt;crossSite&lt;/tt&gt; needs to use.&lt;/p&gt;

&lt;p&gt;bypasses - everywhere else bypass for &lt;tt&gt;/.magnolia&lt;/tt&gt; is named &lt;tt&gt;dotMagnolia&lt;/tt&gt;. Can you follow same pattern?&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;SiteUriSecurityFilterTest&lt;/tt&gt; - methods &lt;tt&gt;testDennyOtherSitePermission&lt;/tt&gt; and &lt;tt&gt;testDennyOtherSitePermission&lt;/tt&gt; have exactly the same content and the same check. I think one of them is wrong.&lt;/p&gt;
</comment>
                            <comment id="51580" author="had" created="Wed, 26 Sep 2012 13:49:38 +0200"  >&lt;p&gt;What kind of problem does the &quot;solver&quot; class solve? IMHO none. What it really is is a &lt;tt&gt;CrossSiteAccessDefinition&lt;/tt&gt;. Another thing - since the patterns are defined once this class is defined, you should compile them only once and keep them inside rather than recompiling them on every execution of the filter ... It might be actually cleaner to move the whole check inside of this class in which case it would be appropriate to call it &lt;tt&gt;CrossSiteAccessResolver&lt;/tt&gt; since then it would indeed resolve whether or not to allow cross site access and also allow others to implement their own arbitrary rules to check.&lt;/p&gt;</comment>
                            <comment id="51605" author="had" created="Thu, 27 Sep 2012 00:18:38 +0200"  >&lt;p&gt;Any reason for calling all those pattern props in the Resolver &quot;Patter&quot;? &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.magnolia-cms.com/images/icons/emoticons/biggrin.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                            <comment id="51635" author="ochytil" created="Thu, 27 Sep 2012 14:11:06 +0200"  >&lt;p&gt;Ah, I seek a better world without some useless &quot;n&quot;. &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.magnolia-cms.com/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                            <comment id="51736" author="had" created="Mon, 1 Oct 2012 18:43:17 +0200"  >&lt;p&gt;Now that the logic was moved to a separate class, here are a few more things I&apos;m able to see in the code:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;&lt;tt&gt;private static final&lt;/tt&gt; variables should be defined on top of the class (if you don&apos;t remember why, I&apos;ll remind you the interview test once we are back in the office).&lt;/li&gt;
	&lt;li&gt;while solve and resolve translate to the same word in your native language, there is actually a difference in English, so please take my word on it and call the variable &quot;resolver&quot; (and get/set/add methods that go w/ it)&lt;/li&gt;
	&lt;li&gt;the &lt;tt&gt;setResolvers&lt;/tt&gt; method is missing, which would be a real pain once you improve c2b/n2b&lt;/li&gt;
	&lt;li&gt;there is no need for &lt;tt&gt;resolver.getPatternOrNull()&lt;/tt&gt; method to be public or is there? Protected at best.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Now more on the logic side of the things&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;code checks for domain only if both &lt;tt&gt;domainPattern&lt;/tt&gt; and &lt;tt&gt;sitePattern&lt;/tt&gt; are set. Is that really correct? Should not it be enough if &lt;tt&gt;domainPattern&lt;/tt&gt; is set for this to work?&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10040">
                    <name>causality</name>
                                                                <inwardlinks description="is causing">
                                        <issuelink>
            <issuekey id="25813">MGNLSTK-1010</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>relation</name>
                                            <outwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="22479">MAGNOLIA-3914</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    Empty
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 17 Sep 2012 13:06:50 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mmuehlebach</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 20 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>had</customfieldvalue>
            <customfieldvalue>ochytil</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i009d3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1553</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>