Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-26973

Plugins can change a page when restrictions should prevent editing (for users who are admins, but don't currently have elevated permissions)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Medium Medium
    • None
    • 4.3
    • None

      If an Admin visits a page that has edit restrictions and selects either "Creately Diagram" (Creately plugin) or "UI Mockup" (Balsimiq plugin) then the page is changed and the image is inserted. Note that the admin has no elevate permissions at the current time.

      To demonstrate the problem do the following.

      1. Install Confluence 4.3 (unsure if it happens with later versions)
      2. Install either or both the Creately and/or Balsamiq plugins.
      3. Have any user create a page and restrict the edit permissions to himself.
      4. Have the admin go to that page.
      5. Admin tries to edit the page and receives an error they don't have permissions (this is bug CONF-25210) - this step is not required, included to show there are access restrictions.
      6. Under Add menu select either "Creately Diagram" or "UI Mockup". In both cases a diagram is inserted by the plugin at the top of the page. No errors.

              shaffenden Steve Haffenden (Inactive)
              8ea8ed1387dd Don Gamble
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: