roller-commits mailing list archives

From "Greg Huber (JIRA)" <>
Subject [jira] [Commented] (ROL-1983) Only expose AJAX User List Servlet to admin users
Date Mon, 27 Jan 2014 12:31:38 GMT


Greg Huber commented on ROL-1983:


Can you check Committed revision 1561651.  We missed the roller invite option, Preferences
| Members and Invite new member link.

I have re-done the mod, it shows the member screen name rather than the email address for
non admin users.

Cheers Greg.

> Only expose AJAX User List Servlet to admin users
> -------------------------------------------------
>                 Key: ROL-1983
>                 URL:
>             Project: Apache Roller
>          Issue Type: Task
>          Components: User Management
>    Affects Versions: 5.1, 5.0.3
>            Reporter: Glen Mazza
>            Assignee: Glen Mazza
>             Fix For: 5.1, 5.0.4
> For some reason the Roller user list is presently implemented via a servlet, allowing
> the list of blog users and email addresses to be publicly accessible for those accessing the
> URL.  Goal here is to shut off the servlet and use a traditional Struts/JPA method of listing
> the users on the page, perhaps similar to our blog entry listing screen.
> UPDATE: there's nothing wrong with using a Servlet for this AJAX operation, but we should
> only expose the Servlet to those who are logged into Roller as site admins.

This message was sent by Atlassian JIRA
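
The access rule discussed in this thread, as an added Java example (not Roller's code and not the committed revision): anonymous callers are refused before any user data is read, non-admin members get the screen name, and only site admins get email addresses. The class, enum and field names are hypothetical, and the three caller levels are an assumption drawn from the issue text and the comment above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added illustration, not Apache Roller code; every name here is hypothetical.
public class UserListAccess {

    // In a servlet this would be derived from the authenticated session,
    // e.g. request.getUserPrincipal() and request.isUserInRole(...).
    enum Caller { ANONYMOUS, MEMBER, SITE_ADMIN }

    static final class User {
        final String userName, screenName, email;
        User(String userName, String screenName, String email) {
            this.userName = userName; this.screenName = screenName; this.email = email;
        }
    }

    // Thrown before any user data is read; a servlet would answer 403 here.
    static final class AccessDenied extends RuntimeException {
        AccessDenied(String why) { super(why); }
    }

    // Builds the AJAX response lines. The email field is only ever copied
    // into the output on the SITE_ADMIN branch.
    static List<String> listUsers(Caller caller, List<User> users) {
        if (caller == Caller.ANONYMOUS) {
            throw new AccessDenied("user list requires a logged-in session");
        }
        List<String> lines = new ArrayList<>();
        for (User u : users) {
            String shown = (caller == Caller.SITE_ADMIN) ? u.email : u.screenName;
            lines.add(u.userName + "," + shown);
        }
        return lines;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<User> users = Arrays.asList(
            new User("alice", "Alice A.", "alice@example.org"),
            new User("bob", "Bob B.", "bob@example.org"));
        System.out.println("admin:  " + listUsers(Caller.SITE_ADMIN, users));
        System.out.println("member: " + listUsers(Caller.MEMBER, users));
        try {
            listUsers(Caller.ANONYMOUS, users);
        } catch (AccessDenied e) {
            System.out.println("anonymous: denied (" + e.getMessage() + ")");
        }
    }
}
```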