Bug 111030 - missing CMS folder/item permission checks
Status: CLOSED WONTFIX
Product: Red Hat Enterprise CMS
Classification: Retired
Component: ui
Version: 5.2
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: ccm-bugs-list
Jon Orris
Reported: 2003-11-26 10:35 EST by Scott Seago
Modified: 2007-04-18 12:59 EDT
Last Closed: 2006-03-09 10:36:51 EST
Description Scott Seago 2003-11-26 10:35:26 EST
Description of problem:
On the CMS browse pane, the folder tree has permission filtering on
PREVIEW permissions, so that users won't see folders they have no
permission on. However, the item list does not have the same filtering
applied.

In addition, direct navigation to a folder (via the item page, etc.
using the set_folder URL var) needs permission checks.

Also, the item admin page should check user permissions.

London change #38322 resolves the above three issues, in addition to
adding a soft-deletion check to the item admin page to prevent an
unchecked exception from being thrown when attempting to generate the
admin page for a soft-deleted item.



Version-Release number of selected component (if applicable):
5.2+

How reproducible:
always

Steps to Reproduce:
1. navigate to a folder with a non-admin user which has private
subfolders (which the user has no access to)
2. the private folders will be missing on the folder tree but shown in
the browse pane
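
The following Python model is an added example, not Red Hat CMS code and not London change #38322. It shows the item list, direct folder navigation and the item admin page going through the same permission gate as the folder tree, with a soft-deletion check in that gate. The class names, the `admin` privilege name and the sample data are hypothetical.

```python
from dataclasses import dataclass, field

PREVIEW, ADMIN = "preview", "admin"   # ADMIN is a hypothetical privilege name

class AccessDenied(Exception):
    """Raised for missing, soft-deleted and unauthorized objects alike."""

@dataclass
class Node:
    id: int
    name: str
    is_folder: bool
    parent: int = 0              # 0 means "no parent"
    deleted: bool = False        # soft-deletion flag
    grants: dict = field(default_factory=dict)   # user -> set of privileges

class Repo:
    def __init__(self, nodes):
        self.nodes = {n.id: n for n in nodes}

    def can(self, user, node, priv=PREVIEW):
        return priv in node.grants.get(user, set())

    def _children(self, folder_id):
        return [n for n in self.nodes.values() if n.parent == folder_id]

    def folder_tree(self, user, folder_id):
        # Already filtered on PREVIEW, as the report describes.
        return [n.name for n in self._children(folder_id)
                if n.is_folder and self.can(user, n)]

    def item_list_unfiltered(self, folder_id):
        # Reported behaviour: the browse pane lists every child.
        return [n.name for n in self._children(folder_id)]

    def item_list(self, user, folder_id):
        self.load(user, folder_id)   # check the folder itself (set_folder case)
        return [n.name for n in self._children(folder_id) if self.can(user, n)]

    def load(self, user, node_id, priv=PREVIEW):
        # One gate for set_folder-style navigation and the item admin page.
        node = self.nodes.get(node_id)
        if node is None or node.deleted or not self.can(user, node, priv):
            raise AccessDenied(node_id)
        return node

def sample_repo():
    # Constructed data: alice may preview everything except "private".
    ok, full = {"alice": {PREVIEW}}, {"alice": {PREVIEW, ADMIN}}
    return Repo([Node(1, "root", True, grants=ok),
                 Node(2, "public", True, parent=1, grants=ok),
                 Node(3, "private", True, parent=1, grants={"bob": {PREVIEW, ADMIN}}),
                 Node(4, "article", False, parent=1, grants=full),
                 Node(5, "old-draft", False, deleted=True, grants=full)])
```

Raising the same error for missing, soft-deleted and unauthorized objects keeps the response from confirming that a private folder exists.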
