[ http://jira.magnolia-cms.com/browse/MAGNOLIA-2982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Haderka updated MAGNOLIA-2982: ---------------------------------- Fix Version/s: 4.3.x (was: 4.3.2) > security: find a better solution than using the /$ permission if a user can > only see parts of the content > --------------------------------------------------------------------------------------------------------- > > Key: MAGNOLIA-2982 > URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2982 > Project: Magnolia > Issue Type: Improvement > Components: security > Reporter: Philipp Bärfuss > Assignee: Philipp Bärfuss > Fix For: 4.3.x > > > If one wants to give access only to one of the subtrees, like /demo-project, > one has also to give access to the root which can be done but then the user > can read everything. The main problem is that one can't give access to one > single page only (it always includes the subpages). > Today we solve that by using /$ which uses the fact that the AccessManager > uses regular expressions. But this is also ugly because the system then > creates the very weird permission /$/*. > Either the tree should be able to handle this implicitly (list all the > children the user can see no matter if he has access to the root node) or > find a solution for MAGNOLIA-1555. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.magnolia-cms.com/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com> ----------------------------------------------------------------