incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hany Salem (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JSPWIKI-603) When in edit mode and the pagefilters are called, the modified String is ignored and the original text is loaded
Date Wed, 07 Oct 2009 14:50:31 GMT

     [ https://issues.apache.org/jira/browse/JSPWIKI-603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Hany Salem updated JSPWIKI-603:
-------------------------------

    Security:     (was: Security Vulnerability Disclosure)

> When in edit mode and the pagefilters are called, the modified String is ignored and
the original text is loaded
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: JSPWIKI-603
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-603
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Filters
>    Affects Versions: 2.8.2
>         Environment: Tomcat on XP
>            Reporter: Hany Salem
>
> Ok, now what I am doing may be the complete wrong way of solving my problem, however,
I don't know of an easier way, then I ran into this problem.
> For security, we would like some pages to be visible/edit to some users but not for others.
 That is User A can edit page 1 but only view page 2 and also not even have view access for
page 3.   The runtime will figure that by calling an external component.   So basically through
a page filter like e.g. Spam, I extended BasicPageFilter and analyze the logged in user and
page and decide at that time, e.g. no access, view, edit.  If no access I replace the page
contents with a String "User xxxx is not ahtorized to view this page".  This works great from
the PageFilter.  
> The bad part is the the edit tab is still there and if that same user who did NOT have
view access clicks it, then the editor box is displayed and my substitutions of the page contents
are ignored.  This is despite the filter being called in view mode to populate the edit pane...
> How come ?  Seems like a problem....  Maybe I am missing something.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message