<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 02:02:07 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MGNLFORUM-250] Remove not supported moderation-permission</title>
                <link>https://jira.magnolia-cms.com/browse/MGNLFORUM-250</link>
                <project id="10130" key="MGNLFORUM">Forum (closed)</project>
                    <description>&lt;p&gt;Forum on M4.5 had sophisticated security-model which is currently not supported by Magnolia 5.&lt;/p&gt;

&lt;p&gt;Bootstrap (originating from M4.5-version) installs these 4 roles. &lt;/p&gt;

&lt;p&gt;1) forum-base&lt;br/&gt;
2) forum_ALL-user&lt;br/&gt;
3) forum_ALL-admin&lt;br/&gt;
4) forum_ALL-moderator&lt;/p&gt;

&lt;p&gt;(2), (3) and (4) all come with an ACL-permission for the forum-workspace which M5-security-app cannot display correct (see screenshot) and is lost when someone is editing it. &lt;br/&gt;
Instead of the permission &quot;moderateAndDelete&quot; use &quot;read &amp;amp; write&quot;&lt;/p&gt;



&lt;p&gt;Forum 3.3 should apply the following simple security model:&lt;/p&gt;

&lt;p&gt;(a) role forum-base is required to access the forum-app&lt;br/&gt;
(b) to moderate (=&amp;gt; approve or reject a message) a user must have the role forum_ALL-moderator or forum_ALL-admin&lt;br/&gt;
(c) if a user has the above described permission to moderate a forum, he can moderate every forum&lt;/p&gt;

&lt;p&gt;(a) is already done but probably arguable.&lt;/p&gt;



&lt;p&gt;=&amp;gt;&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;clean install: ensure Bootstraps contain roles which can be handled by M5; remove no more used bootstraps&lt;/li&gt;
	&lt;li&gt;clean update:  ensure config. of installed forum gets roles which can be handled by M5 on update&lt;/li&gt;
	&lt;li&gt;clean code: ensure DefaultForumManager#isModerator works properly (based on roles)&lt;/li&gt;
	&lt;li&gt;disable automatically creation of roles when a forum is created in the forum-config (change the config which in bootstrap or in already installed versions)&lt;/li&gt;
&lt;/ul&gt;



</description>
                <environment></environment>
        <key id="37045">MGNLFORUM-250</key>
            <summary>Remove not supported moderation-permission</summary>
                <type id="14" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10895&amp;avatarType=issuetype">Story</type>
                                            <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="1">Fixed</resolution>
                                        <assignee username="rkovarik">Roman Kova&#345;&#237;k</assignee>
                                    <reporter username="cmeier">Christoph Meier</reporter>
                        <labels>
                    </labels>
                <created>Wed, 5 Mar 2014 17:12:23 +0100</created>
                <updated>Thu, 13 Mar 2014 15:13:50 +0100</updated>
                            <resolved>Wed, 12 Mar 2014 10:02:45 +0100</resolved>
                                                    <fixVersion>3.3</fixVersion>
                                    <component>security</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                                                            <comments>
                            <comment id="81024" author="cmeier" created="Tue, 11 Mar 2014 14:48:16 +0100"  >&lt;p&gt;All subtasks of &lt;a href=&quot;https://jira.magnolia-cms.com/browse/MGNLFORUM-250&quot; title=&quot;Remove not supported moderation-permission&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MGNLFORUM-250&quot;&gt;&lt;del&gt;MGNLFORUM-250&lt;/del&gt;&lt;/a&gt; (251, 252, 253, 254, 255) have been committed against &lt;a href=&quot;https://jira.magnolia-cms.com/browse/MGNLFORUM-250&quot; title=&quot;Remove not supported moderation-permission&quot; class=&quot;issue-link&quot; data-issue-key=&quot;MGNLFORUM-250&quot;&gt;&lt;del&gt;MGNLFORUM-250&lt;/del&gt;&lt;/a&gt; (which is the &#8222;parent&#8220;) on master.&lt;/p&gt;</comment>
                            <comment id="81044" author="mdivilek" created="Tue, 11 Mar 2014 18:51:50 +0100"  >&lt;p&gt;Reopen: There is no reason to have &quot;forum-moderator-base&quot; role longer. It&apos;s only used for forum app availability (/modules/forum/apps/forum/permissions/roles). Instead of this we should change forum app availability to roles forum_ALL-admin and forum_ALL-moderator.&lt;/p&gt;

&lt;p&gt;Also &quot;forum-base&quot; role seems useless. Please check it.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>relation</name>
                                            <outwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="37099">MGNLCMNT-102</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="23107" name="custom-m45-sec-conf.png" size="97427" author="cmeier" created="Wed, 5 Mar 2014 17:14:26 +0100"/>
                            <attachment id="23108" name="unsupported_ACL-permission.png" size="135487" author="cmeier" created="Wed, 5 Mar 2014 17:14:26 +0100"/>
                    </attachments>
                <subtasks>
                            <subtask id="37048">MGNLFORUM-251</subtask>
                            <subtask id="37049">MGNLFORUM-252</subtask>
                            <subtask id="37050">MGNLFORUM-253</subtask>
                            <subtask id="37051">MGNLFORUM-254</subtask>
                            <subtask id="37088">MGNLFORUM-255</subtask>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            
        <checklist>
        <![CDATA[
                            




                
                                    <div class="o-completion" style="display: flex; flex-shrink: 0;"><span  class="aui-lozenge aui-lozenge-complete" style="font-size: 12px; font-weight: normal; display: flex; flex-direction: row; align-items: center;" ><span style="padding-right: 4px; vertical-align: middle;"><svg width="15" height="15" viewBox="0 0 15 15" xmlns="http://www.w3.org/2000/svg" fill="white"><path clip-rule="evenodd" d="m10.41037,3.42544l-7.86501,0c-0.72395,0 -1.31084,0.58688 -1.31084,1.31084l0,7.86508c0,0.7239 0.58689,1.3108 1.31084,1.3108l7.86501,0c0.724,0 1.3109,-0.5869 1.3109,-1.3108l0,-7.86508c0,-0.72396 -0.5869,-1.31084 -1.3109,-1.31084zm-7.86501,-0.65542c-1.08593,0 -1.96626,0.88032 -1.96626,1.96626l0,7.86508c0,1.0859 0.88033,1.9662 1.96626,1.9662l7.86501,0c1.086,0 1.9663,-0.8803 1.9663,-1.9662l0,-7.86508c0,-1.08594 -0.8803,-1.96626 -1.9663,-1.96626l-7.86501,0z" fill-rule="evenodd"/><path d="m5.09049,10.18526l-1.82767,-1.82766l-0.78479,0.78479l2.61246,2.61246l5.38758,-5.38754l-0.78483,-0.78479l-4.60275,4.60274z"/></svg></span><span>Empty</span></span></div>
                        ]]>
    </checklist>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 10 Mar 2014 16:13:21 +0100</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mmuehlebach</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            9 years, 49 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>cmeier</customfieldvalue>
            <customfieldvalue>mdivilek</customfieldvalue>
            <customfieldvalue>rkovarik</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i036f3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>18635</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>