 |
|
Item10094: TOPICLIST doesn't respect access controls
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release: n/a
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Engine
Component:
Branches:
Component:
Branches:
- Create an unrestricted topic with %TOPICLIST% in it
- Have some topics with ALLOWTOPICVIEW restrictions ready in the same web
- Now go view the list topic with a user who is allowed to view the web, but shouldn't be allowed to view the restricted topics.
Main to the WikiGuest who should not be allowed to view most of them. Although the guest is not allowed to open those topics, all the names are exposed.
Can anybody confirm?
-- HolstenerLiesel - 29 Nov 2010
That's correct. I guess the reason is that classically, an access control check on a topic is very expensive. I agree it's less than ideal, but it's a compromise.
No action. If you want this changed (and have a proposal for how it can be done efficiently) then please raise a feature request.
-- CrawfordCurrie - 30 Nov 2010
ItemTemplate edit
| Summary | TOPICLIST doesn't respect access controls |
| ReportedBy | HolstenerLiesel |
| Codebase | 1.1.2 |
| SVN Range | |
| AppliesTo | Engine |
| Component | |
| Priority | Normal |
| CurrentState | No Action Required |
| WaitingFor | |
| Checkins | |
| TargetRelease | n/a |
| ReleasedIn | n/a |
Edit | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 30 Nov 2010, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy