Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed
    • Fix Priority:
      3

      Description

      1. Add web content template or structure
      2. Remove guest view permissions
      3. Get the templateId or structureId and go to URL like this:
      http://localhost:8080/c/journal/get_template?templateId=10811

      Even if guests have permission to view it (this will be default on all public sites), I think only users who can update should actually be able to see the source of a template.

          Activity

          Raymond Auge added a comment -

          Waiting for comment on why the use of UPDATE instead of VIEW. Using UPDATE breaks lots of expectations and clarity. It also breaks current use cases.

          Samuel Kong added a comment -

          For the fix I submitted

          • I'm using VIEW. Will create a separate ticket to remove VIEW permission by default.
          • Also included fix which prevents WebDAV users from viewing the structure/templates.
          Michael Saechang added a comment -

          Committed on:
          Portal 6.2.x GIT ID: c4ed87db9ed0f7885a54447fffd7d0ba9f67dbcd.

          Luyang Tan (Inactive) added a comment - - edited

          PASSED Manual Testing following the steps in the description.

          Reproduced on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.20 EE GA2.

          When I remove guest view permission, after I type the URL, I can see the structure/template's source.
          When I access in the WebDAV, I can open the structure/template's source.

          Fixed on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: aa2df3cddf03b410f1f377adf9ae879150f68e0a.
          Tomcat 7.0 + MySQL 5. Portal 6.2.x GIT ID: 7f1549a96d58e7ffdf7988242c7fdb047db0c74e.

          When I remove guest view permission, after I type the URL, I will get the error message: You do not have permission to access the requested resource.
          When I access in the WebDAV, I cannot open the structure/template's source.
