David Sean Taylor wrote:
>>>I suspect that the proxies are causing double the objects to
>>>
>>>
>>be created
>>
>>
>>>per request. Im still not convinced that this is a good
>>>
>>>
>>solution to the
>>
>>
>>>security issue. (please convince me :)
>>>
>>>
>>>
>>Thin
David Sean Taylor wrote:
>
>
>>-Original Message-
>>From: Santiago Gala [mailto:[EMAIL PROTECTED]]
>>Sent: Tuesday, May 28, 2002 9:07 AM
>>To: Jetspeed Developers List
>>Subject: Re: Security for Portlet State (customize, maximize,
>>minimize, cl ose) not working
>>
>>
>>Glenn Golden
Glenn Golden wrote:
>David -
>
>If you see the logic in how the default permissions work now, then what's
>the point of having the roles and the ACL in there at all?
>
>As the code is curreltly written, the only part of the system that actually
>checks against the ACL is BasePortletSet, when deci
o it's used
consistently in the proper places).
- Glenn
> -Original Message-
> From: David Sean Taylor [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 11:00 AM
> To: 'Jetspeed Developers List'
> Subject: RE: Security for Portlet State (customi
> -Original Message-
> From: Paul Spencer [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 1:01 PM
> To: Jetspeed Developers List
> Subject: Re: Security for Portlet State (customize, maximize,
> minimize, close) not working
>
>
>
>
> Glenn Golden wro
Glenn Golden wrote:
> Define the role "user" permissions in the admin interface - leave only
> "view" checked.
>
> Portlets for a user (the user has role "user" only) still have minimize,
> maximize, close, configure icons.
>
> When VelocityPortletContril.buildActionList() checks permissions:
Further thoughts...
We seem to have two conflicting security definition mechanisms:
* * *
1) From the admin interface, one can define roles and assign them to users.
The roles contain a set of permissions for the user.
* * *
2) From the jr.p config file, one can define default permissions:
s
> -Original Message-
> From: Glenn Golden [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 7:23 AM
> To: Jetspeed-Dev ([EMAIL PROTECTED])
> Subject: Security for Portlet State (customize, maximize,
> minimize, close) not working
>
>
> Define the role "user" permissions in t
