This issue has been created
 
 
XWiki Platform / cid:jira-generated-image-avatar-ef6eb8fc-70af-4665-b8d3-c3c7480b84e2 XWIKI-22450 Open

The navigation panel configuration isn't applied when a user without access to the configuration accessed it
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-db7fbf00-74e4-4572-ba42-1ae242b0e07a Michael Hamann created this issue on 26/Aug/24 14:26
 
Summary: The navigation panel configuration isn't applied when a user without access to the configuration accessed it
Issue Type: cid:jira-generated-image-avatar-ef6eb8fc-70af-4665-b8d3-c3c7480b84e2 Bug
Affects Versions: 16.6.0
Assignee: Unassigned
Components: Panels
Created: 26/Aug/24 14:26
Priority: cid:jira-generated-image-static-major-d3f4cb35-598a-4419-a2aa-58d8c76d36ad Major
Reporter: Michael Hamann
Description:

Steps to reproduce:

  1. As admin user, grant view right to the admin group in the PanelsCode space
  2. As a guest user, access any page of the wiki that hasn't been recently viewed, like the Sandbox
  3. Access the same page as admin user.

Expected result:

The navigation panel is displayed as always, excluding top-level extension pages.

Actual result:

The navigation panel doesn't take its configuration into account and displays all pages including top-level extension pages.

Note: While the described setup might be artificial, this bug can also be reproduced in a setup where view right was denied globally for guests and then granted again on many individual UI elements like the document tree macro and the Panels space but not the PanelsCode space in order to grant guests access to the general UI and a few content pages.
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.