[REPO-1081] Make user's own groups readable in the defaultread domain (with patch) - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: 2.26.05
Fix Version/s: 2.28.00, CMS-10.0-FCS
Component/s: None
Labels:
- planned
- platform

Description

A CMS user cannot access /hippo:configuration/hippo:groups nor the groups to which he belongs below that.

This is easily visible in the repository servlet when logged in as the default user "author"

It results in the method org.onehippo.repository.security.User#getMemberships() returning no groups at all.

It can be fixed easily by adding two domain rules to the domain "defaultread": one for hipposys:groupfolder and one for hipposys:group with members=current user (expander _user_ ).

NB using a rule for hipposys:group with name = current-user-group (expander _group_ ) doesn't seem to work to fill User#getMemberships() using query //element(*, hipposys:group)[(@hipposys:members = '*' or @hipposys:members = 'CURRENT_USER')].

See attached files

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

hippo-groupfolder.xml
1 kB
03/Oct/14 9:56 AM
self-groups.xml
2 kB
03/Oct/14 2:48 PM

Activity

People

Assignee:: Unassigned

Reporter:: Jeroen Hoffman

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Oct/14 9:55 AM

Updated:: 30/Apr/15 3:46 PM

Resolved:: 20/Apr/15 3:15 PM

Details

Description

Attachments

Attachments

Activity

People

Dates

related-pages-webpanel