[
http://jira.magnolia.info/browse/MAGNOLIA-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philipp Bracher resolved MAGNOLIA-1993.
---------------------------------------
Fix Version/s: 3.5.4
Resolution: Not an issue
The content security (ACLs) is considered. So there is no security issue with
that.
I am going to create a new issue for moving /ActivationHandler to
/.magnolia/ActivationHandler or similar to make the url protection more
consistent
> Inconsistent security checks on activation/deactivation
> -------------------------------------------------------
>
> Key: MAGNOLIA-1993
> URL: http://jira.magnolia.info/browse/MAGNOLIA-1993
> Project: Magnolia
> Issue Type: Bug
> Components: activation
> Affects Versions: 3.5 RC1, 3.5 RC2, 3.5 RC3, 3.5, 3.5.1, 3.5.2
> Reporter: Jan Haderka
> Assignee: Philipp Bracher
> Priority: Critical
> Fix For: 3.5.4
>
>
> After fixing MAGNOLIA-1536 security checks performed on
> activation/deactivation are now inconsistent. To activate the document
> permission to access /ActivationHandler is satisfactory condition (no write
> permission to the given part of repository necessary), however to deactivate
> document user needs to be able to access the /ActivationHandler and needs
> REMOVE permission on deactivated document. This leads to situation where user
> can activate the document but has no permission to deactivate it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/docs/en/editor/stayupdated.html
----------------------------------------------------------------
