Protection of ACL pages themselves #78

Open
centaure opened this issue Apr 9, 2017 · 2 comments

Comments


centaure commented Apr 9, 2017

I notice that ACL pages such as ACL:Page/Foo1:Page1 are not protected themselves. These can be viewed by users who have neither read, nor write, nor even manage permissions on Foo1:Page1.
Is this by design?
Can I just throw an error to the user who cannot manage or read Foo1:Page1? I don't see any reason why we need to show him details of ACL assignments when he has no business poking at Foo1:Page1.

@mukulagrawal78

Any comments/feedback on how to protect ACL pages themselves?

Member

vitalif commented Apr 28, 2017

You're probably right, it should be changed. Currently there is no way to protect ACL pages.
The current behaviour was intended for a corporate environment where you need no "strict isolation", but rather need users to be able to request access privately...
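
The check proposed in this thread, sketched as an added example that is not IntraACL code and not written by any participant: viewing `ACL:Page/<title>` is allowed only to users who can read or manage `<title>`, and every refusal returns the same message. The data model, function names and sample users are assumptions made for illustration.

```python
# Toy model of the proposed rule; all names here are hypothetical, not IntraACL's API.
from dataclasses import dataclass, field

ACL_PAGE_PREFIX = "ACL:Page/"  # title form quoted in the issue

@dataclass
class Rights:
    read: set = field(default_factory=set)
    write: set = field(default_factory=set)
    manage: set = field(default_factory=set)

# Constructed sample data: protected page title -> users holding each right.
SAMPLE_ACLS = {
    "Foo1:Page1": Rights(read={"alice"}, write={"alice"}, manage={"bob"}),
}

def protected_title(acl_title):
    """Return the page an ACL page describes, or None if the title has another form."""
    if not acl_title.startswith(ACL_PAGE_PREFIX):
        return None
    return acl_title[len(ACL_PAGE_PREFIX):] or None

def can_view_acl_page(user, acl_title, acls=SAMPLE_ACLS):
    """Derive read access to the ACL page from rights on the page it protects."""
    target = protected_title(acl_title)
    if target is None:
        return False  # unrecognised ACL title: fail closed
    rights = acls.get(target)
    if rights is None:
        return False  # no definition in this model: fail closed
    return user in rights.read or user in rights.manage

def view_acl_page(user, acl_title, acls=SAMPLE_ACLS):
    """Return the assignments, or one generic error that reveals nothing about them."""
    if not can_view_acl_page(user, acl_title, acls):
        # Same text for "forbidden" and "no such ACL", so the reply is not an oracle.
        return "Permission denied"
    r = acls[protected_title(acl_title)]
    return f"read={sorted(r.read)} write={sorted(r.write)} manage={sorted(r.manage)}"
```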
