ACLs assigned directly to user are not used at runtime.
-------------------------------------------------------
Key: MAGNOLIA-2316
URL: http://jira.magnolia.info/browse/MAGNOLIA-2316
Project: Magnolia
Issue Type: Bug
Affects Versions: 3.6.1
Reporter: Jan Haderka
Assignee: Boris Kraft
the ACls set directly on the user node are not added to the permission lists on
login at the moment, which means they are never used during runtime. It can be
easily tested by removing acl_roles children from any user ... after doing so
user can still login without any problems even tho in theory (s)he has no
longer rights to even read his/her own node data.
Another case that exposes this issue in fix for MAGNOLIA-574 - when user edit
dialog is enabled directly without user having rights to access their node via
role or group rights the given user will not be able to edit his/her
preferences even tho they have such preferences assigned directly to their
account.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
