| Anonymous | Login | Signup for a new account | 2023-05-29 11:01 CDT | |
| Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
| Viewing Issue Advanced Details [ Jump to Notes ] [ Wiki ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||
| ID | Category | Type | Reproducibility | Date Submitted | Last Update | ||
| 0001312 | [In-Portal CMS] Front End | bug report | always | 2012-06-11 06:51 | 2012-07-25 05:29 | ||
| Reporter | alex | View Status | public | Project Name | Advanced | ||
| Assigned To | alex | Developer | |||||
| Priority | normal | Resolution | fixed | Platform | |||
| Status | closed | OS | |||||
| OS Version | |||||||
| ETA | none | Fixed in Version | 1.2.0-RC1 | Product Version | 5.1.3 | ||
| Target Version | 5.2.0 | Product Build | |||||
| Time Estimate | No estimate | ||||||
| Summary | 0001312: CATEGORY.VIEW permission is not checked in templates | ||||||
| Description |
We don't check CATEGORY.VIEW permission on category listing pages and item .VIEW (e.g. LINK.VIEW, PRODUCT.VIEW) permissions on corresponding item detail pages. This results in ability to open category/item detail page even if you don't have corresponding view permission, but only have direct link to that page. Of course links to in accessible pages are not built anywhere, but page might have been public before (e.g. at time Google indexed it) but is inaccessible now. Also I think that we should throw "403 Forbidden" HTTP code on "No Permission" page, where user is redirected after accessing a page which he can't access. |
||||||
| Steps To Reproduce | |||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| Reference | https://groups.google.com/d/topic/in-portal-bugs/GB2NLFHiH6k/discussion | ||||||
| Change Log Message | Fixes issue, when user still able to access pages, that became protected (via category permissions) | ||||||
| Estimate Points | 1 | ||||||
| Attached Files |
 view_permission_check_inside_categories.patch [^] (3,894 bytes) 2012-06-11 10:31
[Show Content]
|
||||||
|
|
|||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
 (0004715)alex (manager) 2012-06-11 10:32 |
Will test all together later. |
|
(0004716) alex (manager) 2012-06-11 10:33 |
Fix committed to 1.2.x branch. Commit Message: Fixes 0001312: CATEGORY.VIEW permission is not checked in templates |
|
(0004867) alex (manager) 2012-07-25 05:29 |
Since 5.2.0 version was released. |
|
Notes |
| Related Changesets |
|||
|
Themes :: Advanced: 1.2.x r15388 Timestamp: 2012-06-11 10:33:14 Author: alex [ Details ] [ Diff ] |
Fixes 0001312: CATEGORY.VIEW permission is not checked in templates | ||
| mod - /themes/advanced/branches/1.2.x/in-bulletin/designs/section.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-bulletin/topics/topic_detail.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-commerce/designs/section.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-commerce/products/product_detail.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-link/designs/section.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-link/links/link_paid.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-link/links/link_standard.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-news/articles/article_detail.tpl | [ Diff ] [ File ] | ||
| mod - /themes/advanced/branches/1.2.x/in-news/designs/section.tpl | [ Diff ] [ File ] | ||
| Related Changesets |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-07-25 05:29 | alex | Note Added: 0004867 | |
| 2012-07-25 05:29 | alex | Status | resolved => closed |
| 2012-06-11 10:33 | alex | Note Added: 0004716 | |
| 2012-06-11 10:33 | alex | Status | reviewed and tested => resolved |
| 2012-06-11 10:33 | alex | Fixed in Version | => 1.2.0-RC1 |
| 2012-06-11 10:33 | alex | Resolution | open => fixed |
| 2012-06-11 10:33 | alex | Assigned To | !COMMUNITY => alex |
| 2012-06-11 10:33 | alex | Changeset attached | 1.2.x r15388 |
| 2012-06-11 10:32 | alex | Note Added: 0004715 | |
| 2012-06-11 10:32 | alex | Status | needs testing => reviewed and tested |
| 2012-06-11 10:32 | alex | Assigned To | => !COMMUNITY |
| 2012-06-11 10:32 | alex | Developer | => alex |
| 2012-06-11 10:32 | alex | Status | active => needs testing |
| 2012-06-11 10:31 | alex | File Added: view_permission_check_inside_categories.patch | |
| 2012-06-11 06:52 | alex | Project | In-Portal CMS => Advanced |
| 2012-06-11 06:51 | alex | New Issue | |
| 2012-06-11 06:51 | alex | Reference | => https://groups.google.com/d/topic/in-portal-bugs/GB2NLFHiH6k/discussion |
| 2012-06-11 06:51 | alex | Change Log Message | => Fixes issue, when user still able to access pages, that became protected (via category permissions) |
| 2012-06-11 06:51 | alex | Estimate Points | => 1 |
|
Issue History |
| Main | My View | View Issues | Change Log | Roadmap | Docs | Wiki | Repositories |
Web Development by Intechnic
In-Portal Open Source CMS |
Copyright © 2000 - 2009 MantisBT Group
 |