Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-2111

authors can invoke publishBranch, reintegrate and depublishBranch workflow actions

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 5.6.0
    • None
    • None

    Description

      Authors are not allowed to execute publish/depublish or reintegrate workflow actions, but currently they are allowed to execute publishBranch and depublishBranch and reintegrate.

      Although authors will never call these actions via the UI (we use publish and depublish hints for the buttons) it is still an security issue. Developers could for instance implement custom workflow actions that would call these workflow actions.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. REPO-2040 Make sure only users with granted permissions can branch/(de)publishBranch/checkoutBranch and reintegrate

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              meggermont Michiel Eggermont (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: