Task #52500
Work Package #49943: Security
Editors must only be able to access their own workspaces
| Status: | Resolved | Start date: | 2013-10-03 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assigned To: | - | % Done: | 100% |
|
| Category: | Content Editing | Spent time: | - | |
| Target version: | 1.0 beta 1 |
Description
Currently the node services allows any authenticated editor to access all nodes in all workspaces.
createNode of the NodeConverter has to get a runtime evaluation checking the workspace of the node.
Associated revisions
[TASK] Disallow nodes in workspaces of other users
For this to achieve we restrict the node type converter
to only allow create for nodes in the current user's
workspace or the live workspace.
Resolves: #52500
Change-Id: Ief0ab2ae4b7397344213d0fa4467d4d9f656c56d
Reviewed-on: https://review.typo3.org/24376
Reviewed-by: Andreas Förthner
Tested-by: Andreas Förthner
History
#1 Updated by Gerrit Code Review almost 2 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/24376
#2 Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/24376
#3 Updated by Gerrit Code Review almost 2 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/24376
#4 Updated by Gerrit Code Review almost 2 years ago
Patch set 4 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/24376
#5 Updated by Andreas Förthner almost 2 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset commit:2d82fbdd82ebacdde81d81fe5ad4df54fa11c151.