[Geoserver-devel] [jira] (GEOS-5495) User with administrative rights on a workspace can modify other workspaces

Landry Breuil created BugGEOS-5495
User with administrative rights on a workspace can modify other workspaces

Issue Type:

BugBug

Affects Versions:

2.2.2

Assignee:

Andrea Aime

Components:

Security

Created:

11/Dec/12 10:40 AM

Description:

with a layer.properties containing :

..r=*
topp.*.a=ROLE_AUTHENTICATED

a logged in user only sees layers from the topp workspace, as expected.

BUT it can also see/modify other workspaces, create/remove datastores/styles from other workspaces. This shouldnt happen.

It cant add/remove workspaces.

Environment:

Debian Squeeze

Project:

GeoServer

Priority:

MajorMajor

Reporter:

Landry Breuil

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your [JIRA administrators](https://jira.codehaus.org/secure/ContactAdministrators!default.jspa). For more information on JIRA, see: [http://www.atlassian.com/software/jira](http://www.atlassian.com/software/jira)