Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-21234

Fix hardcoded checks of the powerusers group

    XMLWordPrintable

    Details

      Description

      The powerusers group name should not be hardcoded in java code, as it is allowed to override corresponding filters to make this configurable (in case some actions should be possible to some users part of a particlar group that would not be the powerusers one)

      So check at https://github.com/nuxeo/nuxeo/blob/master/nuxeo-features/rest-api/nuxeo-rest-api-server/src/main/java/org/nuxeo/ecm/restapi/server/jaxrs/usermanager/UserToGroupObject.java#L76 should be replaced by a filter check.

      See http://explorer.nuxeo.com/nuxeo/site/distribution/Nuxeo%20DM-7.10/viewContribution/org.nuxeo.connect.client.actions--filters for the filter to check, "usersGroupsManagementAccess" seems to fit the need, in conjunction with ActionManager#checkFilter

        Attachments

          Issue Links

          is required by

          Bug - A problem which impairs or prevents the functions of the product. NXP-21225 Improper check if user can administrate users and groups

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: