Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-9052

Unregistered users can still see everything in the wiki even if right to view pages for Unregistered users is explicit set to deny.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • 5.0-milestone-2
    • REST
    • Unknown

    Description

      To reproduce, simply set "Prevent unregistered users from viewing pages, regardless of the page or space rights" to true in the Rights section of XWiki Preferences. So the wiki is supposed to be private.
      But with the rest API, any unregistered user can still see every page of the wiki.
      For example create in the space "Main" a page called "Private", and add some confidential content in this page. Unregistered users would still be able to see this content at : http://localhost:8080/xwiki/rest/wikis/xwiki/spaces/Main/pages/Private/

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9826 Prevent unregistered users access regardless of page or space rights is not always taken into account

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-9156 The Wiki UIExtensions should check the rights before executing extension points

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link Pull Request

          Activity

            People

              softec Denis Gervalle
              thomas_delafosse Thomas Delafosse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: