Space Index always shows even restricted pages

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Medium
    • 2.1.4
    • Affects Version/s: 2.1.3
    • Component/s: None
    • Environment:

      Standalone with standard installation. Sun's JDK 1.5.0_01 and custom Debian Linux.

      I have space viewable to anonymous users with few pages restricted view only to some group. I have

      {children}

      mark on space home page and it correctly hides restricted pages if home page is accessed by anonymous user. If I create another page containing

      {index} viewable to anonymous users, they can acctually read start of those restricted pages there. Now I can also restrict this index page, which "solves" the problem. I didn't try another scenario, but I think that if anonymous users have right to even add pages, they can create such {index}

      page with no possibility to prevent them to read parts of "secret" pages again.

      I think that proper behavior is to omit restricted pages in index if I don't have the rights to view them.

              Assignee:
              Unassigned
              Reporter:
              Richard Richard
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: