[
https://jira.nuxeo.org/browse/NXP-4816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thierry Martins updated NXP-4816:
---------------------------------
Status: Open (was: Triage)
> Make Administrators group(s) bypass security checks in the whole Nuxeo
> ----------------------------------------------------------------------
>
> Key: NXP-4816
> URL: https://jira.nuxeo.org/browse/NXP-4816
> Project: Nuxeo Enterprise Platform
> Issue Type: Improvement
> Components: Core, Security
> Affects Versions: 5.3 GA
> Reporter: Thierry Martins
> Assignee: Thierry Martins
> Fix For: 5.3.1
>
>
> Currently, users in administrators group(s) may not view documents in the UI
> listing or in query results although they have direct access to them.
> The problem is we are checking permissions affected to administrators when
> running a NXQL query but not when accessing directly to the document.
> To have a homogeneous behaviour in the whole webapp, we will bypass security
> checks for users considerated as administrators, ie belonging to
> administrators group(s).
> As a matter of fact, it won't be necessary to add an ACE for administrators
> (and Administrator) in the definition of the content template.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets
