This issue has been created
There are 2 updates.
 
 
XWiki Platform / cid:jira-generated-image-avatar-8a15564b-eff8-483a-b757-d27b517eb1a2 XWIKI-22679 Open

Required rights don't restrict edit rights
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-a472f87b-8be5-4d4c-ade3-9c8611fbfc7b Michael Hamann created this issue on 21/Nov/24 12:12
 
Summary: Required rights don't restrict edit rights
Issue Type: cid:jira-generated-image-avatar-8a15564b-eff8-483a-b757-d27b517eb1a2 Bug
Affects Versions: 16.10.0-rc-1
Assignee: Unassigned
Components: Security
Created: 21/Nov/24 12:12
Priority: cid:jira-generated-image-static-major-d7dd613d-f718-479c-b321-ec482ca4efe7 Major
Reporter: Michael Hamann
Description:

Steps to Reproduce:

  1. On a document, enable required rights and enforce script right.
  2. Try editing the document as a user without script right.

Expected result:

Editing isn't possible as right is denied.

Actual result:

Editing is possible.

This happened due to a bad merge in https://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e#diff-4b512565969c065fc1d2a844b43326e0c41d76cb31084bcb012e1f0219d17b97L164 and wasn't detected by automated tests as there were none.
 
 

2 updates

 
cid:jira-generated-image-avatar-a472f87b-8be5-4d4c-ade3-9c8611fbfc7b Changes by Michael Hamann on 21/Nov/24 12:12
 
Fix Version: 16.10.0
Assignee: Michael Hamann
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.