[
https://issues.apache.org/jira/browse/RAVE-568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258187#comment-13258187
]
Dennis van der Laan commented on RAVE-568:
------------------------------------------
When using a category filter, all users see all matching gadgets, regardless of
the gadget's status. The store shows the 'Add' button, so users can add these
gadgets to their pages. The gadgets are not being shown if in preview, but
still... I don't think users will be happy with this kind of behavior.
IMO all submitted gadgets should first be reviewed by an admin before being
addable by any user, including the user who submitted the gadget. At least,
that is what I expect, based on the status 'preview' and 'published'.
This is purely based on how I see our Rave environment being used within our
organisation, and this might not be the general idea of how submitting and
using gadgets should work in Rave (users can use their own gadgets in iGoogle
or Netvibes, too). This being said, I would like Rave to have an option to
enable or disable the ability for a widget owner to use a preview-statused
gadget.
Secondly, the widget store now shows different results, depending on if a
filter is applied or not. If I search for text, or if I do not filter the
contents of the store, I only see published widgets. If I filter based on a
category, all widgets are shown, regardless of their status. So, if there are
only 'communications' gadgets in the store, and I select this category, I see
more results in the store than when not selecting a category. I think this is
not intuitive, at the least.
> Widgets with preview-status can still be added
> ----------------------------------------------
>
> Key: RAVE-568
> URL: https://issues.apache.org/jira/browse/RAVE-568
> Project: Rave
> Issue Type: Bug
> Components: rave-core, rave-web
> Affects Versions: 0.10.1
> Reporter: Dennis van der Laan
>
> In the widget store, when using the category filter or 'my widgets' filter,
> widgets with 'preview' status are shown also. Users are able to add
> preview-widgets this way.
> Because users are also able to upload widgets, which then get preview-status,
> this seems like a security issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
