Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21013

Access rights aren't applied after nested group member changes in subwiki

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 15.6-rc-1
    • 15.4
    • Security
    • None
    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      Steps to reproduce:

      1. Create a user "username" (but continue executing the following actions as Admin).
      2. Create a group "Secret" that contains "username".
      3. Create a group "Secret Parent" that contains "Secret".
      4. Create a subwiki "subwiki" that allows global and local users that any user can join with the standard flavor.
      5. Create a page "Secret" in the subwiki.
      6. Add "Secret Parent" to the local admin group in the subwiki.
      7. Restrict view right of "Secret" to the local admin group in the subwiki.
      8. As "username", access "Secret".
      9. As admin, remove "Secret Parent" from the local admin group in the subwiki.
      10. As "username", access "Secret" again (reload).
      11. As "username", edit "Secret" and change its content. Reload the page.

      Expected results:

      In step 8, access is granted, in step 10, access is denied so step 11 isn't possible.

      Actual results:

      In step 8, access is granted, in step 10, access is still granted, in step 11 after the reload, access is denied (but the edit has been executed).

      Attachments

        Activity

          People

            MichaelHamann Michael Hamann
            MichaelHamann Michael Hamann
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: