[
http://jira.magnolia.info/browse/MAGNOLIA-2317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479#action_17479
]
Gregory Joseph commented on MAGNOLIA-2317:
------------------------------------------
Well, I have no strong opinion, but
- we need a solution for public user registration. And it's out of the
question that an admin would have to manually add permissions for each user's
node. Afaik, we have no "dynamic" permission paths, so these permissions have
to be set on a per-user basic
- there is "something, somewhere", that adds *some* permissions to the users,
relating to their own node. Whatever solution we choose, this should be cleaned
up appropriately. (code AND sample bootstrap files)
> Reading user nodes without having correct privileges assigned
> -------------------------------------------------------------
>
> Key: MAGNOLIA-2317
> URL: http://jira.magnolia.info/browse/MAGNOLIA-2317
> Project: Magnolia
> Issue Type: Bug
> Components: security
> Affects Versions: 3.6.1
> Reporter: Jan Haderka
> Assignee: Jan Haderka
>
> Currently users have assigned privileges to access their own node via ACLs
> assigned directly to their account. However those privileges are not assigned
> and used at runtime so in theory user should not be able to log in.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
