[
http://jira.magnolia.info/browse/MAGNOLIA-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15669#action_15669
]
Philipp Bracher commented on MAGNOLIA-1993:
-------------------------------------------
I will investigate on that. Actually /ActivationHandler is not protected. The
user permissions must be taken in account!
> Inconsistent security checks on activation/deactivation
> -------------------------------------------------------
>
> Key: MAGNOLIA-1993
> URL: http://jira.magnolia.info/browse/MAGNOLIA-1993
> Project: Magnolia
> Issue Type: Bug
> Components: activation
> Affects Versions: 3.5 RC1, 3.5 RC2, 3.5 RC3, 3.5, 3.5.1, 3.5.2
> Reporter: Jan Haderka
> Assignee: Philipp Bracher
>
> After fixing MAGNOLIA-1536 security checks performed on
> activation/deactivation are now inconsistent. To activate the document
> permission to access /ActivationHandler is satisfactory condition (no write
> permission to the given part of repository necessary), however to deactivate
> document user needs to be able to access the /ActivationHandler and needs
> REMOVE permission on deactivated document. This leads to situation where user
> can activate the document but has no permission to deactivate it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------
