Bug 1289724
| Summary: | [ENG][6.2.z] User with no privileges for repository can view and modify assets in that repository | ||
|---|---|---|---|
| Product: | [Retired] JBoss BRMS Platform 6 | Reporter: | Alexandre Porcelli <porcelli> |
| Component: | Business Central | Assignee: | Eder Ignatowicz <eignatow> |
| Status: | CLOSED EOL | QA Contact: | Lukáš Petrovický <lpetrovi> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 6.0.3 | CC: | alazarot, etirelli, kverlaen, lpetrovi, manstis, pavzem, rrajasek, rsynek, trikkola |
| Target Milestone: | CR2 | ||
| Target Release: | 6.2.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1192831 | Environment: | |
| Last Closed: | 2020-03-27 19:41:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1192831, 1214245, 1283974 | ||
| Bug Blocks: | 1288021, 1288023 | ||
|
Comment 1
Alexandre Porcelli
2015-12-08 20:13:22 UTC
I'm sorry to say, there is still more to fix. With access restrictions set up, even unprivileged user can see the assets via the Recently edited/opened (authoring -> explore). The Latest changes section in Timeline perspective offers all repos in the filter featurette, even those that shouldn't be visible to the user. The good thing is, the assets/changes from those org.units/repos/projects that the user shouldn't see are still not shown in the latest changes - only the options for filtering are affected. An admin can see everything in the Administration perspective, but I think that is expected..? I wasn't able to verify with Inbox and the Find feature, because they didn't show any assets, even without restriction. The simple search feature (input line with magnifier) is fixed. Project explorer behaves correctly. Fixed: On Guvnor: Master e16fbbd3605b3e228c6b630229b8d5d569ce0978 b88dd1139ac1fbf5339f9f8ebcc725d566044cd1 6.4 21e76547a0d7efb10de67184c6bb287d64aaf6dc 7df27a02cb78b1b698b3b2177ebf64a545072bfb 6.3 a7928c547b5118978e1304dfcd51adb636706579 d996277bc898d805ab12b008116023445417e267 On Kie-wb-common: Master ac67f4f1bb4a676a552e1d97670d227ac68b8ab4 6.4 85d9039c482a987b8379a206611edf3b48f1f8ff 6.3 40d534e36b7373f5a41e9c8106f5a6bcbda81cd9 |