Major
Nice to have
Bugfix
Major
Bugfix
In the Goto the target component is queried with "allow(<targetObject>)" whether the user has the rights to see the object.
However, if a SecurityObjectProvider is configured in the component that does not use the model as the security object, "allow = false" will be used, even though the user has rights (or vice versa).
Code migration
- Replace the configuration useDefaultChecker="true" in BoundComponent with securityProviderClass="securityRoot".
- SecurityObjectProvider has got a new parameter "model". This contains the model of the BoundChecker.
Test
TestSecurityOnGoto.script.xml