Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-11452

Users can move attachments to a space they have no permission for

XMLWordPrintable

      Any user with permission to edit pages in a space can move attachments in that space to any page in Confluence.

      Eg: suppose we have a user named StandardUser who has permission to edit pages in GeneralSpace, but no permission to view or edit RestrictedSpace, which contains a page predictably named Home.
      StandardUser:

      • goes to the attachments view of a page with attachments in GeneralSpace.
      • clicks edit.
      • types "RestrictedSpace:Home" into the Page field and clicks save.

      The attachment is moved.

      The user should really need the following permissions:
      View Space for RestrictedSpace
      Create Attachment for RestrictedSpace
      Furthermore, the user should not be restricted from viewing or editing the target page by any page level restrictions.

        1. ConfluenceActionSupport.properties
          325 kB
        2. MoveAttachmentAction.class
          11 kB

            [CONFSERVER-11452] Users can move attachments to a space they have no permission for

            Katherine Yabut made changes -
            Workflow Original: JAC Bug Workflow v3 [ 2901316 ] New: CONFSERVER Bug Workflow v4 [ 2995910 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2797432 ] New: JAC Bug Workflow v3 [ 2901316 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow [ 2727547 ] New: JAC Bug Workflow v2 [ 2797432 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2392171 ] New: JAC Bug Workflow [ 2727547 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 2273046 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2392171 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216898 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 2273046 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169374 ] New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2216898 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v5 [ 1929280 ] New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2169374 ]
            Katherine Yabut made changes -
            Workflow Original: Confluence Workflow - Public Facing - Restricted v3 [ 1729781 ] New: Confluence Workflow - Public Facing - Restricted v5 [ 1929280 ]
            Katherine Yabut made changes -
            Workflow Original: CONF Bug Subtask WF (TEMP) [ 1682885 ] New: Confluence Workflow - Public Facing - Restricted v3 [ 1729781 ]

              Unassigned Unassigned
              stafford@customware.net Stafford Vaughan [CustomWare]
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: