Details
-
Bug
-
Resolution: Fixed
-
Low
-
3.5
-
None
Description
Members of the special confluence-administrators group have access to all content on the site, however they should not see restricted content in search results or get notifications about changes on restricted pages.
There is a bug in the permission check for notifications about "contained" objects (comments and attachments) that result in the isSuperuser() check applying when these notifications are triggered by a space or network watch. This means members of confluence-administrators are emailed information that they are allowed to see, but should not be notified about.
This was introduced by my changes around super-user checking in CONF-18073, in Confluence 3.5.
Attachments
Issue Links
- is caused by
-
CONFSERVER-18073 Cache result of isSuperUser check in permission handling
- Closed