[
https://issues.apache.org/jira/browse/JSPWIKI-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12710194#action_12710194
]
Harry Metske commented on JSPWIKI-510:
--------------------------------------
The problem here I think is (compared to Search.jsp and AjaxSearch.jsp) that we
cannot just check the page permissions.
To check the pagepermission ( AuthorizationManager.checkPermission() ) we need
at least a WikiSession which is not available at this point.
There is also no obvious way to get the WikiContext or HttpServletRequest.
Any suggestions on the solution approach ?
> SearchManager.JSONSearch.findPages() does not honor ACLs
> --------------------------------------------------------
>
> Key: JSPWIKI-510
> URL: https://issues.apache.org/jira/browse/JSPWIKI-510
> Project: JSPWiki
> Issue Type: Bug
> Affects Versions: 2.8.1
> Reporter: Janne Jalkanen
> Fix For: 2.8.3, 3.0
>
>
> Code in JSONSearch.findPages() does not check whether user is allowed to view
> a page, but lists all of the page names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
