  1. XWiki Platform
  2. XWIKI-21257

A rollback does not trigger right protection

Details

    • Unit, Integration
    • Unknown
    • N/A

    Description

      Reproduction steps:

      • On a fresh wiki with standard rights, log in as Admin and create a page Test and a user Foo
      • Administer page Test to forbid the Delete right to Foo on that page only: the UI forces you to first grant the right and then deny it
      • The history of page Test should now have 3 versions: original creation, grant of the delete right, and denial of the delete right
      • Log in as Foo (you should have edit right on Test with the standard rights scheme), go to the history and try to roll back to the second version (which grants the delete right)

      Expected result:

      • the UI link should be available (because of the edit right) but the action should lead to an error and shouldn't do anything

      Obtained result:

      • the link is working, the rollback is performed and Foo is now able to delete the page Test

      This can also be done by deleting the current version from the history (which causes a rollback of the document to the previous version).

      The root cause is that those two rollback paths ("rollback" and "delete current version from the history") are missing a call to `XWiki#checkSavingDocument`, which is in charge of producing the `UserUpdatingDocumentEvent` event that `RightsFilterListener` relies on.
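
A reduced model of the root cause described above, added here as an illustration and not taken from XWiki's code base: every name in it (`Page`, `PreSaveListener`, `check`, `rollbackUnchecked`, ...) and the listener's veto rule are assumptions. It shows why a restore path that skips the pre-save check silently reinstates an old rights state, and the corrected shape where "rollback" and "delete current version" both pass through the same check as a normal save.

```java
import java.util.*;
// Reduced model, not XWiki code: all names and the veto rule are hypothetical.
public class RollbackGuardDemo {
    record Version(Map<String, Boolean> deleteRight) {}
    interface PreSaveListener { void onUpdating(String user, Version current, Version proposed); }

    static class Page {
        final List<Version> history = new ArrayList<>();
        final List<PreSaveListener> listeners = new ArrayList<>();
        Page(Version initial) { history.add(initial); }
        Version current() { return history.get(history.size() - 1); }

        // Choke point: listeners veto by throwing, before any state changes.
        void check(String user, Version proposed) {
            for (PreSaveListener l : listeners) l.onUpdating(user, current(), proposed);
        }
        void save(String user, Version v) { check(user, v); history.add(v); }

        // Shape of the bug: old content becomes current, no listener is told.
        void rollbackUnchecked(int index) { history.add(history.get(index)); }
        // Corrected shape: both restore paths run the same check as a save.
        void rollback(String user, int index) { save(user, history.get(index)); }
        void deleteCurrentVersion(String user) {
            if (history.size() < 2) throw new IllegalStateException("no previous version");
            check(user, history.get(history.size() - 2));
            history.remove(history.size() - 1);
        }
    }

    public static void main(String[] args) {
        Page test = new Page(new Version(Map.of()));            // v1: creation
        test.listeners.add((user, cur, next) -> {
            if (!user.equals("Admin") && !cur.deleteRight().equals(next.deleteRight()))
                throw new SecurityException(user + " may not change rights");
        });
        test.save("Admin", new Version(Map.of("Foo", true)));   // v2: delete granted
        test.save("Admin", new Version(Map.of("Foo", false)));  // v3: delete denied
        List<Runnable> attempts = List.of(
            () -> test.rollback("Foo", 1),
            () -> test.deleteCurrentVersion("Foo"));
        for (Runnable attempt : attempts) {
            try { attempt.run(); }
            catch (SecurityException e) { System.out.println("vetoed: " + e.getMessage()); }
        }
        System.out.println("after checked paths:      " + test.current().deleteRight());
        test.rollbackUnchecked(1);
        System.out.println("after unchecked rollback: " + test.current().deleteRight());
    }
}
```

The model needs Java 16 or later for `record`. A regression test for this class of bug enumerates every entry point that can change the current version and asserts that each one is vetoed for a user who may not change rights.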

            People

              surli Simon Urli
              tmortagne Thomas Mortagne