Key: BCMS-76
Type: Improvement
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Savvas Triantafyllou
Reporter: Savvas Triantafyllou
Votes: 0
Watchers: 0
BetaCMS

Enforce security rules when saving a content object

Created: 04/Oct/09 12:44 AM   Updated: 04/Oct/09 12:45 AM
Component/s: None
Affects Version/s: None
Fix Version/s: 2.1.0.CR1

Time Tracking:
Original Estimate: Not Specified
Remaining Estimate: 0 minutes
Time Spent: 6 hours

Support Type: Code development


Description
The following rules must apply for a user to be able to save a content object in ContentService methods:

saveAndVersionLockedContentObject
saveLockedContentObject
saveContentObject
saveAndVersionContentObject

1. User has CmsRole.ROLE_ADMIN or is SYSTEM user (It is supposed that user SYSTEM has all roles)
2. ContentObject is new and user has role ROLE_CMS_EDITOR
3. ContentObject already exists in repository and user is the owner of the object
4. ContentObject already exists in repository, user is not the owner of the object but content object has accessibility.canBeUpdated whose value is ALL, or contains at least one of the roles user possesses, or explicitly contains user's id
5. Content type is roleObject (that is, its qualified name is {http://www.betaconceptframework.org/schema/betacms/identity/role}roleObject) and identityStore repository is the same as the repository and user has role CmsRole.ROLE_CMS_IDENTITY_STORE_EDITOR
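
The five rules above written as one deny-by-default check, as an added example that is not BetaCMS code. Assumptions: a save is allowed when any one rule holds, the SYSTEM user is recognised by its id, and canBeUpdated is a set of strings holding ALL, role names or user ids; the types User, ContentObject, Role and the method canSave are hypothetical.

```java
import java.util.Set;

// Added illustration: every type and method here is hypothetical,
// not the BetaCMS ContentService implementation.
public class SaveRuleCheck {
    // Stand-in for the CmsRole constants named in the issue.
    enum Role { ROLE_ADMIN, ROLE_CMS_EDITOR, ROLE_CMS_IDENTITY_STORE_EDITOR }

    static final String ROLE_OBJECT_TYPE =
        "{http://www.betaconceptframework.org/schema/betacms/identity/role}roleObject";

    record User(String id, Set<Role> roles) {}
    record ContentObject(String qualifiedType, boolean existsInRepository,
                         String ownerId, Set<String> canBeUpdated) {}

    // Assumption: a save is allowed when any one of the five rules holds.
    static boolean canSave(User u, ContentObject o, String repositoryId,
                           String identityStoreRepositoryId) {
        // Rule 1: administrator or SYSTEM (assumed to be identified by user id).
        if ("SYSTEM".equals(u.id()) || u.roles().contains(Role.ROLE_ADMIN)) return true;
        // Rule 5: role objects, only when this repository is its own identity store.
        if (ROLE_OBJECT_TYPE.equals(o.qualifiedType())
                && repositoryId.equals(identityStoreRepositoryId)
                && u.roles().contains(Role.ROLE_CMS_IDENTITY_STORE_EDITOR)) return true;
        // Rule 2: a new object needs the editor role; rules 3 and 4 cannot apply to it.
        if (!o.existsInRepository()) return u.roles().contains(Role.ROLE_CMS_EDITOR);
        // Rule 3: the owner may always update an existing object.
        if (u.id().equals(o.ownerId())) return true;
        // Rule 4: non-owner needs a canBeUpdated match; a missing list denies.
        Set<String> acl = o.canBeUpdated();
        if (acl == null) return false;
        return acl.contains("ALL") || acl.contains(u.id())
                || u.roles().stream().anyMatch(r -> acl.contains(r.name()));
    }

    public static void main(String[] args) {
        // Constructed sample users and objects.
        User editor = new User("alice", Set.of(Role.ROLE_CMS_EDITOR));
        User plain = new User("bob", Set.of());
        ContentObject draft = new ContentObject("article", false, null, Set.of());
        ContentObject shared = new ContentObject("article", true, "alice", Set.of("bob"));
        ContentObject closed = new ContentObject("article", true, "alice", Set.of());
        System.out.println("editor saves new object: " + canSave(editor, draft, "repoA", "repoB"));
        System.out.println("plain user saves new object: " + canSave(plain, draft, "repoA", "repoB"));
        System.out.println("listed non-owner updates: " + canSave(plain, shared, "repoA", "repoB"));
        System.out.println("unlisted non-owner updates: " + canSave(plain, closed, "repoA", "repoB"));
    }
}
```

Because role names and user ids share one string set in this sketch, a user id that equals a role name would match rule 4; keeping the two namespaces distinct avoids that.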

Savvas Triantafyllou added a comment - 04/Oct/09 12:45 AM
Committed revision betacms-repository 3762