[
http://jira.magnolia-cms.com/browse/MAGNOLIA-2982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Haderka updated MAGNOLIA-2982:
----------------------------------
Fix Version/s: 4.3.x
(was: 4.3.2)
> security: find a better solution than using the /$ permission if a user can
> only see parts of the content
> ---------------------------------------------------------------------------------------------------------
>
> Key: MAGNOLIA-2982
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-2982
> Project: Magnolia
> Issue Type: Improvement
> Components: security
> Reporter: Philipp Bärfuss
> Assignee: Philipp Bärfuss
> Fix For: 4.3.x
>
>
> If one wants to give access only to one of the subtrees, like /demo-project,
> one has also to give access to the root which can be done but then the user
> can read everything. The main problem is that one can't give access to one
> single page only (it always includes the subpages).
> Today we solve that by using /$ which uses the fact that the AccessManager
> uses regular expressions. But this is also ugly because the system then
> creates the very weird permission /$/*.
> Either the tree should be able to handle this implicitly (list all the
> children the user can see no matter if he has access to the root node) or
> find a solution for MAGNOLIA-1555.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------
