| Summary: | Permissive instead of restrictive usecase policies | ||
|---|---|---|---|
| Product: | Lenya | Reporter: | Andreas Hartmann <andreas> |
| Component: | Access Control | Assignee: | Lenya Developers <dev> |
| Status: | CLOSED FIXED | ||
| Severity: | major | ||
| Priority: | P5 | ||
| Version: | 2.0 | ||
| Target Milestone: | 2.0 | ||
| Hardware: | Other | ||
| OS: | other | ||
| Attachments: |
changes usecase authorization to deny-by-default
this patch adds some policies to the default publication changed file location due to andreas' latest commit |
||
|
Description
Andreas Hartmann
2006-06-13 08:24:25 UTC
Created attachment 18513 [details]
changes usecase authorization to deny-by-default
see the next attachment for some boilerplate policies to make lenya usable
again.
Created attachment 18514 [details]
this patch adds some policies to the default publication
warning: these policies will only make the site usable for *admins*. a lot more
policies are needed to enable reviewers and editors to do their work again, but
i'm waiting for some feedback first.
i have raised the priority and severity for this bug, as the patch addresses a number of security issues. Created attachment 18518 [details] changed file location due to andreas' latest commit chasing the berzerk patch-man all over svn. i'm only a hair's width behind and closing in... :-D (this change is needed to make the patch apply against http://svn.apache.org/viewvc?rev=416708&view=rev) I added the functionality to the UsecaseAuthorizerImpl. The correct usecase policies are not yet set. damn. he is too fast for me :-D BTW, thanks for the patch! Unfortunately I saw it to late, but the changes are basically the same :) That's done. If you notice missing or wrong usecase policies, please complain on dev@lenya. Renaming Lenya 1.4 to 2.0 |