Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18765

Wrong right resolution when denying a right to user who belongs to group with PR

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 9.11.8, 11.10.10, 13.4
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      Reproduction steps:

      • Create a group with PR right (or use XWikiAdminGroup from default flavor)
      • Create a user and put it in that group
      • Deny the delete right to that user

      Expected result:

      • Since the user belongs to a group with PR right, they should still be able to delete pages

      Obtained result:

      • The user is not able anymore to perform delete actions

      Note that if the PR right is given explicitely to the user then they can still delete pages.

        Attachments

          Activity

            People

            Assignee:
            surli Simon Urli
            Reporter:
            surli Simon Urli
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: