Ticket #13418 (confirmed Bug)

Opened 3 years ago

Last modified 3 years ago

Authenticated Users can create member folders

Reported by: spg14@…
Owned by:
Priority: minor
Milestone: 4.x
Component: General
Version: 4.2
Keywords:
Cc:

Description

With 'Enable User Folders' created, if a member is granted Authenticated rights but isn't yet a member of the site, they are given permissions to create folders on any site.

Ideally it would be nice to have this feature but only allow members or above to be able to have this feature.

Being a University, we are using Cosign to authenticate against, so anyone at our University could in a sense log in to the site and become an 'Authenticated User' and then dump any content they want on there. While it would have no bearing or be accessible externally, we would still be responsible for the content on the site, or someone could in fact fill up the space on the Plone server.

I am thinking there should be some kind of check of whether someone is a member before a folder can be created.

Change History

comment:1 Changed 3 years ago by kleist

  • Status changed from new to confirmed
  • Component changed from Unknown to General