Last updated on MARCH 08, 2017
Applies to:Oracle WebCenter - Version: 126.96.36.199.0
Information in this document applies to any platform.
Users who do not have privilege to Create Thread or Create Message do have the Post New Thread and Reply links.
When they click on those links, they get a new authentication challenge, although they are already authenticated.
Steps to reproduce
1. As a WebCenter Discussion Administrator login to Discussion Admin Console
2. Go to Content -> Category Summary
3. Create a new Forum
4. Click on Permissions for the forum
5. Set it up in the following way:
Anyone: Read Forum
Registered Users: Read Forum, Rate Message, Vote in Poll
administrators: All privileges
6. Access to the forum as anonymous who should only have read permission
Notice that both the Post New Thread and Reply links are displayed, although the user does not have access to any of them
7. Click on Reply or Post New Thread, and notice that the login screen is displayed this may be ok, depending on customer's preference.
8. When logging in as a non-admin user who also only has read permission, it just re-throws the login page, although the user successfully logged in. This is wrong!
9. When viewing the forums with the non-admin user, then again, both the Post New Thread and Reply links are shown. This is wrong, as the user has no permission to do any of those.
10. When clicking on any of those links then again, a login screen is displayed, which is again wrong, as the user is already logged in.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms