History | Log In     View a printable version of the current page. Get help!  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details [XML]

Key: BPM-253
Type: Bug Bug
Status: Open Open
Priority: Critical Critical
Assignee: Wouter Zoons
Reporter: Tim Dysinger
Votes: (View)
Watchers: (View)
Operations

If you were logged in you would be able to see more operations.
Bpm4Struts Cartridge

CRUD security not respecting Actor <--> <<Manageable>> associations

Created: 01/Sep/05 07:53 PM   Updated: 27/Jan/06 08:29 PM
Component/s: CRUD
Affects Version/s: 3.1-RC1
Fix Version/s: None

File Attachments: 1. File AndromdaQAModel.xmi (172 kb)
Environment: Linux (Ubuntu) JDK 1.5/1.4 MagicDraw 9.5 sp1


 Description   
Doesn't matter who is logged into the application when security is enabled. Anyone can create/delete <<Manageable>> entities. This is a show stopper for my application as I can't deploy it until it's fixed. We don't want regular users creating or deleting sensitive <<Entity>> instances.

 All   Comments   Change History      Sort Order:
[ Permlink ]
Comment by Tim Dysinger [01/Sep/05 07:59 PM]
Sample model

[ Permlink ]
Comment by Wouter Zoons [02/Sep/05 09:08 AM]
use a dependency instead of an association: docs need update


This site is running on Atlassian JIRA with a free Open Source Project / Non-profit License (license details).
JIRA is an issue tracking and bug tracking application. Evaluate JIRA for your organisation.
Powered by Atlassian JIRA™ the Professional Issue Tracker. (Professional Edition, Version: 3.4.2-#108) - Bug/feature request - Contact Administrators