Bug #35422

TYPO3 Security Framework should not take unexisting roles into account

Added by Rens Admiraal over 3 years ago. Updated over 3 years ago.

Status: Resolved
Start date: 2012-03-31
Priority: Should have
Due date:
Assigned To: -
% Done: 100%
Category: -
Target version: -
Affected Flow version: Git master

Description

Now the Security Framework uses all roles available in the tokens. When a role is not configured in the Policy.yaml, this should not have an effect.

For example, if you now create a new Phoenix user with the role 'User', the backend gives an 'Access denied!' because the security framework does not know the role User.

Expected behavior: just ignore the user's role?

Associated revisions

Revision a513961f
Added by Rens Admiraal over 3 years ago

[BUGFIX] Exceeding roles of accounts are now ignored

If an account had one or more roles which were not
defined in a policy, access was denied to this account
because the role could not be matched. It is, however,
more practical to simply ignore exceeding roles.

This patch makes sure that getRoles() only considers
roles of the active tokens which really exist in one
of the policies.

Releases: 1.1
Resolves: #35422
Change-Id: I996553b671b79b23b8564189cdbc27a10af074e6
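
The filtering described in the commit message above, as an added PHP sketch that is not the patch itself nor TYPO3 Flow code. The function names `effectiveRoles()` and `isGranted()`, the role and grant arrays, and the parent-role resolution (which goes beyond what the commit message states) are assumptions made for illustration.

```php
<?php
// Added illustration, not TYPO3 Flow code. Constructed stand-in for the
// roles part of a policy: role name => parent roles (layout is an assumption).
$definedRoles = [
    'Administrator' => ['Editor'],
    'Editor'        => [],
];
// Constructed grants: role name => resources that role may access.
$grants = [
    'Administrator' => ['userAdministration'],
    'Editor'        => ['backend'],
];

/** Roles from the tokens that a policy defines, plus their parent roles. */
function effectiveRoles(array $tokenRoles, array $definedRoles, &$ignored): array
{
    $effective = [];
    $ignored = [];
    $queue = array_values($tokenRoles);
    while ($queue !== []) {
        $role = array_shift($queue);
        if (in_array($role, $effective, true) || in_array($role, $ignored, true)) {
            continue; // already handled; this also ends parent cycles
        }
        if (!array_key_exists($role, $definedRoles)) {
            $ignored[] = $role; // unknown to every policy: contributes nothing
            continue;
        }
        $effective[] = $role;
        foreach ($definedRoles[$role] as $parent) {
            $queue[] = $parent;
        }
    }
    return $effective;
}

/** Deny by default: access needs a grant from at least one effective role. */
function isGranted(string $resource, array $roles, array $grants): bool
{
    foreach ($roles as $role) {
        if (in_array($resource, $grants[$role] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Constructed account: one defined role and one that no policy defines.
$roles = effectiveRoles(['Editor', 'User'], $definedRoles, $ignored);
foreach ($ignored as $role) {
    error_log("ignoring role '$role': not defined in any policy");
}
printf("effective roles: %s\n", implode(', ', $roles));
printf("backend: %s\n", isGranted('backend', $roles, $grants) ? 'granted' : 'denied');
printf("userAdministration: %s\n", isGranted('userAdministration', $roles, $grants) ? 'granted' : 'denied');
```

Logging each ignored role keeps a record of accounts that carry roles no policy defines, which would otherwise go unnoticed once they stop causing denials.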

History

#1 Updated by Gerrit Code Review over 3 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10104

#2 Updated by Gerrit Code Review over 3 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10104

#3 Updated by Gerrit Code Review over 3 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10104

#4 Updated by Gerrit Code Review over 3 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10104

#5 Updated by Gerrit Code Review over 3 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10104

#6 Updated by Rens Admiraal over 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:a513961f1b2b0a771c900e626ccc93d0d0c1e171.
