Details
- Bug
- Resolution: Fixed
- Blocker
- 5.0-milestone-1
- Unknown
- N/A
- N/A
Description
Steps to Reproduce:
- Restrict "view" access to Sandbox.TestPage3 by setting an explicit view right for admins
- Add a tag "X" to Sandbox.TestPage3
- As a user who is not an admin, open <server>/bin/get/XWiki/LiveTableResults?outputSyntax=plain&classname=&collist=doc.title%2Cdoc.location%2Cdoc.content&doc.location=Sandbox.TestPage3&limit=1 where <server> is the URL of your XWiki installation.
Expected Result:
No tags are displayed as the user doesn't have view rights on Sandbox.TestPage3.
Actual Result:
The result
{"reqNo":null,"matchingtags":{"X":1},"tags":[{"tag":"X","count":1}],"totalrows":2,"returnedrows":1,"offset":1,"rows":[{"doc_viewable":false,"doc_fullName":"obfuscated"}]}
is displayed.
This reveals that Sandbox.TestPage3 has tag X.
The issue has been reproduced on 14.5 but is most likely older.
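A regression check for the leak described above, as an added example that is not part of the original report or of XWiki's code: it classifies a LiveTableResults JSON body fetched as a user without view rights. The `REPORTED` body is the one quoted in this report; `EXPECTED` and `MIXED` are constructed samples, and the function names are hypothetical.

```python
import json

# Response body quoted in the report (returned to a non-admin user).
REPORTED = (
    '{"reqNo":null,"matchingtags":{"X":1},"tags":[{"tag":"X","count":1}],'
    '"totalrows":2,"returnedrows":1,"offset":1,'
    '"rows":[{"doc_viewable":false,"doc_fullName":"obfuscated"}]}'
)
# Constructed: the same response with no tags, as the Expected Result asks.
# Keeping the other fields unchanged is an assumption.
EXPECTED = (
    '{"reqNo":null,"matchingtags":{},"tags":[],'
    '"totalrows":2,"returnedrows":1,"offset":1,'
    '"rows":[{"doc_viewable":false,"doc_fullName":"obfuscated"}]}'
)
# Constructed: a viewable row, so the tag may legitimately belong to it.
MIXED = (
    '{"reqNo":null,"matchingtags":{"Y":1},"tags":[{"tag":"Y","count":1}],'
    '"totalrows":1,"returnedrows":1,"offset":1,'
    '"rows":[{"doc_viewable":true,"doc_fullName":"Sandbox.WebHome"}]}'
)


def exposed_tags(response):
    """Merge tag names and counts from both tag fields of the response."""
    tags = dict(response.get("matchingtags") or {})
    for entry in response.get("tags") or []:
        tags.setdefault(entry["tag"], entry["count"])
    return tags


def check_tag_leak(body):
    """Return (verdict, tags) for a LiveTableResults JSON body.

    "leak": tags are reported although no returned row is viewable.
    "ok": no tags are reported.
    "inconclusive": viewable rows (or no rows) could account for the tags.
    """
    response = json.loads(body)
    tags = exposed_tags(response)
    rows = response.get("rows") or []
    if not tags:
        return "ok", {}
    if rows and not any(row.get("doc_viewable") for row in rows):
        return "leak", tags
    return "inconclusive", tags
```

The check is only conclusive when the request filter matches restricted pages alone, as the `doc.location=Sandbox.TestPage3` filter in the steps above does.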
Issue Links
- blocks: XWIKI-6489 information leak in tag cloud - ignoring access rights (Closed)
- causes: XWIKI-20792 Tags rights on sub-wiki are resolved against the main wiki (Closed)
- is related to: XWIKI-8810 Tag application displays tags from hidden documents (Closed)
- relates to: XWIKI-6489 information leak in tag cloud - ignoring access rights (Closed)
- links to