Details
-
Bug
-
Resolution: Fixed
-
Major
-
7.4-milestone-2
-
None
-
Unit
-
Unknown
-
N/A
-
Description
Right now we have 2 problems:
- we don't create any xwiki context and we don't authenticate the user
- the authorization check we do is cached and thus if a user has access to a vfs node and then a user without access permission tries to access it, he'll be allowed...
Attachments
Issue Links
- is related to
-
XWIKI-12815 Rewrite Zip Explorer feature as Components + make it more generic
- Closed
- relates to
-
XWIKI-14829 VFS always test right with guest user instead of current user
- Closed