Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-12912

Improve authorization checks based on the current user for accessing a VFS attachment archive

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 8.3, 8.4-rc-1, 7.4.6
    • 7.4-milestone-2
    • VFS
    • None
    • Unit
    • Unknown
    • N/A

    Description

      Right now we have 2 problems:

      • we don't create any xwiki context and we don't authenticate the user
      • the authorization check we do is cached and thus if a user has access to a vfs node and then a user without access permission tries to access it, he'll be allowed...

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. XWIKI-12815 Rewrite Zip Explorer feature as Components + make it more generic

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-14829 VFS always test right with guest user instead of current user

          • Major - Major loss of function.
          • Closed

          Activity

            People

              vmassol Vincent Massol
              vmassol Vincent Massol
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: