[
http://jira.magnolia.info/browse/MAGNOLIA-2316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Haderka updated MAGNOLIA-2316:
----------------------------------
Component/s: security
Assignee: Jan Haderka (was: Boris Kraft)
> ACLs assigned directly to user are not used at runtime.
> -------------------------------------------------------
>
> Key: MAGNOLIA-2316
> URL: http://jira.magnolia.info/browse/MAGNOLIA-2316
> Project: Magnolia
> Issue Type: Bug
> Components: security
> Affects Versions: 3.6.1
> Reporter: Jan Haderka
> Assignee: Jan Haderka
>
> the ACls set directly on the user node are not added to the permission lists
> on login at the moment, which means they are never used during runtime. It
> can be easily tested by removing acl_roles children from any user ... after
> doing so user can still login without any problems even tho in theory (s)he
> has no longer rights to even read his/her own node data.
> Another case that exposes this issue in fix for MAGNOLIA-574 - when user edit
> dialog is enabled directly without user having rights to access their node
> via role or group rights the given user will not be able to edit his/her
> preferences even tho they have such preferences assigned directly to their
> account.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
