Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12552

AuthorizationManager unexpectedly denies access for reference to entities inside documents (object, attachments, ...)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.2-milestone-3
    • Fix Version/s: 7.2-rc-1
    • Component/s: Security
    • Labels:
      None
    • Tests:
      Unit
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      When you call AuthorizationManager with a reference to an attachment, an object or other inside entities of a document, and it replies true for the document itself, it actually replies false for the object inside that same document.
      Since access right are limited at document level, this is obviously unexpected.

        Attachments

          Activity

            People

            Assignee:
            softec Denis Gervalle
            Reporter:
            softec Denis Gervalle
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: