Details
-
Bug
-
Resolution: Fixed
-
Medium
-
5.7, 5.7.1, 5.7.3, 5.7.4
-
None
-
4
-
Description
Summary
Users have the ability to view a list of all blog posts, even from spaces in which they don't have permission to access.
Steps to Reproduce
- Install Confluence 5.7.x
- Create two spaces
- Space A
- Space B (remove all permissions for confluence-users)
- Create a blog post in Space A
- Create a blog post in Space B
- Create and login as a new regular user
- Goto the blog post in Space A
- Click the Month in the page breadcrumbs
Expected Results
The user should only see the the blog post from Space A listed
Actual Results
The user will see both blog posts listed.
Notes
- If the user attempts to view the blog post from Space B, it will give a Page Not Found message as expected
- This behavior can also be achieved by going directly to http://<confluencehost>/display/<spacekey>/2015/05 (or any combination of year and day)
- This behavior worked as expected in Confluence 5.6.x
Attachments
Issue Links
- duplicates
-
CONFSERVER-37627 Other space's blog posts are browsed in monthly view.
- Closed
- is duplicated by
-
CONFSERVER-38488 Monthly space blog shows blogs across entire site, not just space
- Closed
- mentioned in
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...
-
Page Loading...