Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12552

AuthorizationManager unexpectedly denies access for reference to entities inside documents (object, attachments, ...)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.2-milestone-3
    • Fix Version/s: 7.2-rc-1
    • Component/s: Security
    • Labels:
      None
    • Tests:
      Unit
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Documentation in Release Notes:
      N/A
    • Similar issues:

      Description

      When you call AuthorizationManager with a reference to an attachment, an object or other inside entities of a document, and it replies true for the document itself, it actually replies false for the object inside that same document.
      Since access right are limited at document level, this is obviously unexpected.

        Attachments

          Activity

            People

            • Assignee:
              softec Denis Gervalle
              Reporter:
              softec Denis Gervalle
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: