[
http://jira.magnolia.info/browse/MAGNOLIA-2317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17481#action_17481
]
Jan Haderka commented on MAGNOLIA-2317:
---------------------------------------
MAGNOLIA-2318 deals with the fact that each user needs the permission to read
their own node. I've already updated the code (UserEditDialog) to make sure
those permissions are added properly. I've also added update task to update all
existing users. I will also update bootstrap files.
That something which adds permissions to users is UserEditDialog. I'm not
convinced that dialog is a right place for hardcoding the permissions that need
to be added to every user, but don't want to change this without discussing it
first. MAGNOLIA-2320 is dedicated to that.
> Reading user nodes without having correct privileges assigned
> -------------------------------------------------------------
>
> Key: MAGNOLIA-2317
> URL: http://jira.magnolia.info/browse/MAGNOLIA-2317
> Project: Magnolia
> Issue Type: Bug
> Components: security
> Affects Versions: 3.6.1
> Reporter: Jan Haderka
> Assignee: Jan Haderka
>
> Currently users have assigned privileges to access their own node via ACLs
> assigned directly to their account. However those privileges are not assigned
> and used at runtime so in theory user should not be able to log in.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://documentation.magnolia.info/
----------------------------------------------------------------
