
Key: BCMS-77
Type: Improvement
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Savvas Triantafyllou
Reporter: Savvas Triantafyllou
Votes: 0
Watchers: 0
BetaCMS

Enforce security rules prior to deleting a content object

Created: 04/Oct/09 01:57 AM   Updated: 04/Oct/09 01:59 AM
Component/s: None
Affects Version/s: None
Fix Version/s: 2.1.0.CR1

Time Tracking:
Original Estimate: Not Specified
Remaining Estimate: 0 minutes
Time Spent: 1 hour

Support Type: Code development


Description
The following rules must apply for a user to be able to delete a content object in ContentService methods

deleteContentObject

1. User has ROLE_ADMIN or is the SYSTEM user (it is supposed that user SYSTEM has all roles)
2. User is the owner of the object
3. User is not the owner of the object but the content object has accessibility.canBeDeletedBy whose value is ALL, or contains at least one of the roles the user possesses, or explicitly contains the user's id
4. Content type is personObject (that is, its qualified name is {http://www.betaconceptframework.org/schema/betacms/identity/person}personObject), the identityStore repository is the same as the repository, the user has role CmsRole.ROLE_CMS_IDENTITY_STORE_EDITOR, and property 'personAuthentication.username' is the same as the user identity.
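
The four rules above, sketched as a single deny-by-default check in which any one matching rule permits deletion. This is an added example, not BetaCMS code: the User and ContentObject records, their fields, the "SYSTEM" identifier and the canDelete signature are hypothetical, and reading the rules as alternatives is an assumption (rules 2 and 3 cannot both hold). It needs Java 16 or later for records.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Added illustration: all types, fields and the SYSTEM id are hypothetical, not BetaCMS API.
public class DeletePolicyExample {
    static final String ROLE_ADMIN = "ROLE_ADMIN";
    static final String ROLE_IDENTITY_STORE_EDITOR = "ROLE_CMS_IDENTITY_STORE_EDITOR";
    static final String SYSTEM_USER = "SYSTEM"; // assumed identifier of the SYSTEM user
    static final String PERSON_TYPE =
        "{http://www.betaconceptframework.org/schema/betacms/identity/person}personObject";

    record User(String id, Set<String> roles) {}
    record ContentObject(String ownerId, String qualifiedType, String repositoryId,
                         List<String> canBeDeletedBy, String personUsername) {}

    // Deny by default: deletion is allowed only when one of the four rules matches.
    static boolean canDelete(User u, ContentObject o, String identityStoreRepositoryId) {
        if (u == null || u.id() == null || u.roles() == null || o == null) return false;
        // Rule 1: administrator or the SYSTEM user.
        if (u.roles().contains(ROLE_ADMIN) || SYSTEM_USER.equals(u.id())) return true;
        // Rule 2: the user owns the object.
        if (u.id().equals(o.ownerId())) return true;
        // Rule 3: canBeDeletedBy is ALL, names one of the user's roles, or names the user.
        List<String> acl = o.canBeDeletedBy() == null ? List.of() : o.canBeDeletedBy();
        if (acl.contains("ALL") || acl.contains(u.id())
                || !Collections.disjoint(acl, u.roles())) return true;
        // Rule 4: identity store editor deleting the personObject that carries their own username.
        return PERSON_TYPE.equals(o.qualifiedType())
            && identityStoreRepositoryId != null
            && identityStoreRepositoryId.equals(o.repositoryId())
            && u.roles().contains(ROLE_IDENTITY_STORE_EDITOR)
            && u.id().equals(o.personUsername());
    }

    public static void main(String[] args) {
        // Constructed sample users and objects.
        User editor = new User("maria", Set.of(ROLE_IDENTITY_STORE_EDITOR));
        User guest = new User("nikos", Set.of("ROLE_GUEST"));
        ContentObject article = new ContentObject("maria", "article", "repoA", List.of("ROLE_EDITOR"), null);
        ContentObject person = new ContentObject("admin", PERSON_TYPE, "repoA", List.of(), "maria");
        System.out.println(canDelete(editor, article, "repoA")); // rule 2: owner
        System.out.println(canDelete(guest, article, "repoA"));  // no rule matches
        System.out.println(canDelete(editor, person, "repoA"));  // rule 4: own personObject
        System.out.println(canDelete(editor, person, "repoB"));  // identity store is another repository
    }
}
```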

Savvas Triantafyllou added a comment - 04/Oct/09 01:59 AM
Committed revision betacms-repository 3764