Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
Unknown
-
Description
Heya Folks,
Currently the Rights Management is very good, if one sets rights on spaces or documents one can be sure no users will have access unless granted. However, on a lot of pages one will find lists of spaces and/or documents, that are mostly build on the spot by a loop like the following:
#foreach($space in $spaces)
...
#end
Since $spaces currently is a list of all spaces, most of the times these loops start with filtering out those that the user has not been granted access to.
I think all names of spaces and documents should only be visible to users that have been granted access to them especially as those names might already give away too much information when security has to be very strict.
$spaces and all similar variables should to be set by Rights Management to only include those items the user has been granted access to.
Mazzel,
Martijn.