Bug 111030 - missing CMS folder/item permission checks
Summary: missing CMS folder/item permission checks
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise CMS
Classification: Retired
Component: ui
Version: 5.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: ccm-bugs-list
QA Contact: Jon Orris
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-11-26 15:35 UTC by Scott Seago
Modified: 2007-04-18 16:59 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-09 15:36:51 UTC
Embargoed:

Attachments (Terms of Use)

Description Scott Seago 2003-11-26 15:35:26 UTC 
Description of problem:
On the CMS browse pane, the folder tree has permission filtering on
PREVIEW permissions, so that users won't see folders they have no
permission on. However, the item list does not have the same filtering
applied.

In addition, direct navigation to a folder (via the item page, etc.
using the set_folder URL var) needs permission checks.

Also, the item admin page should check user permissions.

London change #38322 resolves the above three issues, in addition to
adding a soft-deletion check to the item admin page to prevent an
unchecked exception from being thrown when attempting to generate the
admin page for a soft-deleted item.



Version-Release number of selected component (if applicable):
5.2+

How reproducible:
always

Steps to Reproduce:
1.navigate to a folder with a non-admin user which has private
subfolders (which the user has no access to)
2.the private folders will be missing on the folder tree but shown in
the brows pane
Note You need to log in before you can comment on or make changes to this bug.