[Registry-dev] [jira] Closed: (REGISTRY-45) users who has no permission to read the content can be access to sub directory level and download resource content

[Krishantha Samaraweera (JIRA)]

     [ http://wso2.org/jira/browse/REGISTRY-45?page=all ]

Krishantha Samaraweera closed REGISTRY-45.
------------------------------------------


This is not a bug. Resources added after setting the "deny" permission should not be visible to user and existing resources will be visible.verification done and logic is working fine.So issue will be closed.

> users who has no permission to read the content can be access to sub directory level and download resource content
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: REGISTRY-45
>                 URL: http://wso2.org/jira/browse/REGISTRY-45
>             Project: WSO2 Registry
>          Issue Type: Bug
>    Affects Versions: 0.1
>         Environment: Ubuntu 7.10, JDK 1.5.0_08, tomcat 6.0.14, Firefox/2.0.0.
>            Reporter: Krishantha Samaraweera
>         Assigned To: Chathura Ekanayake
>
> How to recreate:
> 1. login as admin
> 2. deny read action from user level for a particular user.
> 3. login as the user.
> 4. upon login 404 unauthorized message will be show. 
> 5. now go to search activity
> 6. do a all search
> 7. access to sub directory resource path by clicking in to resource path link
> 8. now you can down load any file
> user level restricted read permission is checked only on root level. sub directories can be accessed and read.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira