Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-12255

Move 'webfiles' security domain to federated security domain below /webfiles and cms users should have read access to webfiles

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 14.0.0
    • None
    • None

    Description

      Currently in 14.0.0-securitydomain-SNAPSHOT, authors and editors do not have read access to /webfiles. However, for 'switch template' feature (select different FTL for a component in channel mgr) they need read access.

      Currently, the webfiles are only readable for users with role 

      xm-hst-webfiles-reader

      However, also cms users should be able to read them. Next to that, '/webfiles' is bootstrapped by hippo-services-webfiles and has namespace prefix webfiles:webfiles : Hence, the domain security should be decoupled from the HST code, and the userrole should be something like xm_webfiles_reader and should not include any 'hst' part in the name: 'webfiles' is an upstream project wrt the HST

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. HSTTWO-4656 Move formdata security domain configuration below /formdata

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: