• Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 2.6.Beta1
    • Fix Version/s: 2.6 CR3
    • Component/s: Portal CMS
    • Labels:


      When I log with an administrator different by "admin", I go into cms pannel of portal and I try to copy or move a file from a allowed space to a denied space, I have the error message that advise me that I haven't privileges to take that operation. But if I logout and then I enter again, I go into cms pannel and I see that my operation is succesfully done because the file is moved or copied anyway. Of course then I cannot to remove it because I've not permission in that zone. You can to test that operation moving default/support.html into / that ,in default, is allowed only to "admin" user. I've seen into the code that the permission access for copy and move operations is only for "from" path and there is no control for the "to" path Seeing method "hasManageAccess" into org.jboss.portal.cms.impl.jcr.command.ACLEnforcer class there is:

      else if(command instanceof MoveCommand)

      { path = ((MoveCommand)command).msFromPath; }

      and the same thing for copy command.
      I modified this part in this mode:

      else if(command instanceof MoveCommand)

      path = ((MoveCommand)command).msFromPath;
      hasManageAccess = this.computeAccess(user,path,"manage");

      if (hasManageAccess)

      { path = ((MoveCommand)command).msToPath; hasManageAccess = this.computeAccess(user,path,"manage"); }


      adding permission control for "to" path. It seems ok. May you try?

        Gliffy Diagrams




              • Assignee:
                soshah Sohil Shah
                sviluppatorefico Luca Stancapiano
              • Votes:
                0 Vote for this issue
                0 Start watching this issue


                • Created: