[magnolia-dev] [JIRA] Resolved: (MAGNOLIA-2318) Default user privileges are not enough for user to change their own privileges

[JIRA (on behalf of Jan Haderka)]

     [ 
http://jira.magnolia.info/browse/MAGNOLIA-2318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Haderka resolved MAGNOLIA-2318.
-----------------------------------

    Fix Version/s: 3.6.2
       Resolution: Fixed

r17321, r17317, r17313

> Default user privileges are not enough for user to change their own privileges
> ------------------------------------------------------------------------------
>
>                 Key: MAGNOLIA-2318
>                 URL: http://jira.magnolia.info/browse/MAGNOLIA-2318
>             Project: Magnolia
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.6.1
>            Reporter: Jan Haderka
>            Assignee: Jan Haderka
>             Fix For: 3.6.2
>
>
> Every user get by permission to access their own node children by default. 
> Permission is assigned via ACL directly under the user account. However this 
> permission given user right to modify children of their own node only. To 
> modify their own account users need to have also permission to read their own 
> account node.
> In short
> {code}
> user
>  - acl_users
>       - 0 
>          - path= /admin/userName/*
>          - permission = 63
> {code}
> needs to be changed to 
> {code}
> user
>  - acl_users
>       - 0 
>          - path= /admin/userName/*
>          - permission = 63
>       - 1 
>          - path= /admin/userName
>          - permission = 8
> {code}
> We should perhaps also introduce update task to add this second permission to 
> all existing users.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------